Why aren't macros available to command syntax in pipe(8)?


Why aren't macros available to command syntax in pipe(8)?

Doug Barton
Setting up a new pipe in master.cf I wanted to do 'user=${user}' but
that macro isn't available there, only in argv. I found a workaround,
but I was curious about why?

Doug

Re: Why aren't macros available to command syntax in pipe(8)?

Viktor Dukhovni

> On Mar 25, 2017, at 9:21 PM, Doug Barton <[hidden email]> wrote:
>
> Setting up a new pipe in master.cf I wanted to do 'user=${user}' but that macro isn't available there, only in argv. I found a workaround, but I was curious about why?

For good security reasons.  The only way to run code as the recipient is via
.forward files or mailbox_command in the local(8) delivery agent.

--
        Viktor.


Re: Why aren't macros available to command syntax in pipe(8)?

Doug Barton
On 03/25/2017 06:28 PM, Viktor Dukhovni wrote:
>
>> On Mar 25, 2017, at 9:21 PM, Doug Barton <[hidden email]> wrote:
>>
>> Setting up a new pipe in master.cf I wanted to do 'user=${user}' but that macro isn't available there, only in argv. I found a workaround, but I was curious about why?
>
> For good security reasons.

Can you elaborate?


Re: Why aren't macros available to command syntax in pipe(8)?

Viktor Dukhovni

> On Mar 25, 2017, at 9:38 PM, Doug Barton <[hidden email]> wrote:
>
>>> Setting up a new pipe in master.cf I wanted to do 'user=${user}' but that macro isn't available there, only in argv. I found a workaround, but I was curious about why?
>>
>> For good security reasons.
>
> Can you elaborate?

Unlike .forward or files which exist for selected users, injecting
envelope data (e.g. user=${user}) into the pipe(8) execution context
could allow remote senders to execute code as any user on the system
or modify which command is run, ...  Postfix attempts to be safe even
in the hands of non-expert users.

The local(8) delivery agent is designed to deliver email to system
users and is able to run commands as the user account receiving the
mail.  The features you're looking for are described under the heading
"DELIVERY METHOD CONTROLS" in:

   http://www.postfix.org/local.8.html

Namely:

   http://www.postfix.org/postconf.5.html#forward_path
   http://www.postfix.org/postconf.5.html#mailbox_command
   http://www.postfix.org/postconf.5.html#mailbox_command_maps

--
        Viktor.
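
The risk described in the message above, as an added example that is not part of the original thread or of Postfix: when the envelope localpart alone selects the account a command runs as, the remote sender picks that account by picking the recipient address. The account table, `OPTED_IN`, `MIN_UID` and all function names are constructed for illustration; the checked variant mirrors the idea that `.forward` files exist only for selected users.

```python
import re
from typing import Optional

# Constructed stand-in for the system passwd database: login name -> uid.
SAMPLE_PASSWD = {"root": 0, "www-data": 33, "alice": 1001, "bob": 1002}

OPTED_IN = frozenset({"alice"})  # hypothetical policy: users who asked for filtering
MIN_UID = 1000                   # assumed boundary between service and human accounts
NAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")


def naive_run_as(localpart: str, passwd=SAMPLE_PASSWD) -> Optional[str]:
    """What user=${user} would amount to: any existing account is accepted."""
    return localpart if localpart in passwd else None


def checked_run_as(localpart: str, passwd=SAMPLE_PASSWD,
                   opted_in=OPTED_IN) -> Optional[str]:
    """Fail closed: return an account only if local policy names it."""
    if not NAME_RE.fullmatch(localpart):   # not a plain login name
        return None
    uid = passwd.get(localpart)
    if uid is None or uid < MIN_UID:       # unknown, root or service account
        return None
    if localpart not in opted_in:          # existence alone is not consent
        return None
    return localpart


def compare(localparts):
    """Return (localpart, naive result, checked result) per envelope localpart."""
    return [(lp, naive_run_as(lp), checked_run_as(lp)) for lp in localparts]


if __name__ == "__main__":
    for row in compare(["alice", "bob", "root", "www-data", "../alice"]):
        print(row)
```
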


Re: Why aren't macros available to command syntax in pipe(8)?

Doug Barton
On 03/25/2017 06:55 PM, Viktor Dukhovni wrote:

>
>> On Mar 25, 2017, at 9:38 PM, Doug Barton <[hidden email]> wrote:
>>
>>>> Setting up a new pipe in master.cf I wanted to do 'user=${user}' but that macro isn't available there, only in argv. I found a workaround, but I was curious about why?
>>>
>>> For good security reasons.
>>
>> Can you elaborate?
>
> Unlike .forward or files which exist for selected users, injecting
> envelope data (e.g. user=${user}) into the pipe(8) execution context
> could allow remote senders to execute code as any user on the system

Yes, that's what I want to do. :)  Still easily done with a wrapper script.

> or modify which command is run, ...

Can you say more about this? If this is correct it seems like a major
security risk.

> Postfix attempts to be safe even
> in the hands of non-expert users.

That sounds like a good thing to do, obviously .... I just wonder if the
line is drawn in the correct location for this issue.

Doug



Re: Why aren't macros available to command syntax in pipe(8)?

Wietse Venema
Doug Barton:
> > Unlike .forward or files which exist for selected users, injecting
> > envelope data (e.g. user=${user}) into the pipe(8) execution context
> > could allow remote senders to execute code as any user on the system
>
> Yes, that's what I want to do. :)  Still easily done with a wrapper script.

Use the local(8) delivery agent for delivery as the recipient.
http://www.postfix.org/postconf.5.html#mailbox_command
http://www.postfix.org/postconf.5.html#mailbox_command_maps
http://www.postfix.org/postconf.5.html#forward_path

The pipe(8) delivery agent is for delivery with a fixed role.

        Wietse

Re: Why aren't macros available to command syntax in pipe(8)?

Doug Barton
On 03/29/2017 04:01 AM, Wietse Venema wrote:
> Doug Barton:
>>> Unlike .forward or files which exist for selected users, injecting
>>> envelope data (e.g. user=${user}) into the pipe(8) execution context
>>> could allow remote senders to execute code as any user on the system
>>
>> Yes, that's what I want to do. :)  Still easily done with a wrapper script.
>
> Use the local(8) delivery agent for delivery as the recipient.

The specific thing I was working on was getting postfix to run
spamassassin as the user, in order to take advantage of the user's bayes
db. I want postfix to deliver the mail with lmtp.

Doug


Re: Why aren't macros available to command syntax in pipe(8)?

Wietse Venema
Doug Barton:

> On 03/29/2017 04:01 AM, Wietse Venema wrote:
> > Doug Barton:
> >>> Unlike .forward or files which exist for selected users, injecting
> >>> envelope data (e.g. user=${user}) into the pipe(8) execution context
> >>> could allow remote senders to execute code as any user on the system
> >>
> >> Yes, that's what I want to do. :)  Still easily done with a wrapper script.
> >
> > Use the local(8) delivery agent for delivery as the recipient.
>
> The specific thing I was working on was getting postfix to run
> spamassassin as the user, in order to take advantage of the user's bayes
> db. I want postfix to deliver the mail with lmtp.

Did you search the web for 'per-user spamassassin'?

        Wietse

Re: Why aren't macros available to command syntax in pipe(8)?

Doug Barton
On 03/29/2017 10:03 AM, Wietse Venema wrote:

> Doug Barton:
>> On 03/29/2017 04:01 AM, Wietse Venema wrote:
>>> Doug Barton:
>>>>> Unlike .forward or files which exist for selected users, injecting
>>>>> envelope data (e.g. user=${user}) into the pipe(8) execution context
>>>>> could allow remote senders to execute code as any user on the system
>>>>
>>>> Yes, that's what I want to do. :)  Still easily done with a wrapper script.
>>>
>>> Use the local(8) delivery agent for delivery as the recipient.
>>
>> The specific thing I was working on was getting postfix to run
>> spamassassin as the user, in order to take advantage of the user's bayes
>> db. I want postfix to deliver the mail with lmtp.
>
> Did you search the web for 'per-user spamassassin'?

Yes. There were numerous more complex solutions, using the macro seemed
simpler. :)

Like I said, in my OP, I solved that problem without the use of
user=${user}, I was just curious as to the rationale.

Doug

