[KLUG Members] this puzzles me very much

Bert members@kalamazoolinux.org
Mon, 31 Mar 2003 10:50:55 +0200


Hi all,

I hope you can help me with the following problem. As far as I can see it 
must be a problem (?) with some authorization, but I can't find out where.


I have created a .forward file in the home directory of a mail user 
called "mail-daemon". Sending a message to this user executes, as 
expected, the command mentioned in the .forward file.

$ cat .forward
|/home/mail-daemon/bin/ontvang.pl


The perl script "ontvang.pl" is indeed executed. It simply writes the 
message to a file.

<ontvang.pl>

#!/usr/bin/perl -Tw

	# taint mode: set an explicit PATH before running any external program
	$ENV{PATH} = "/home/mail-daemon/bin";

	# the incoming message is saved under a timestamp-based filename
	my $stamp = "/home/mail-daemon/stamps/";
	my $tijd = time;
	$stamp .= $tijd;

	my $teller = 0;

	open STP, ">$stamp" or die "cannot write $stamp: $!";
	while (<>) {
		print STP;
		$teller++;
		if ($teller > 1000) {	# refuse to spool more than 1000 lines
			close STP;
			die;
		}
	}
	close STP;

	# hand the filename of the saved message to verwerk.pl on its stdin
	open UIT, "|verwerk.pl" or die "cannot run verwerk.pl: $!";
	print UIT $stamp;
	close UIT;

	exit 0;
</ontvang.pl>

So far so good. The next program "verwerk.pl" is also executed. It does 
some processing of the message and creates a reply message. As a part of 
the reply message, parts of the original message are included after being 
encrypted with pgp.

<verwerk.pl>
#!/usr/bin/perl -w

my 	%users;
use	POSIX qw(strftime);
sub	Verify();

	$stamp = <>;		# filename of the saved message, written by ontvang.pl
	chomp $stamp;

	$pad = "/home/mail-daemon";
	$user = "unknown";

	open IN, "<$stamp" or die "cannot read $stamp: $!";
	while (<IN>) {
		next if (/^\n/);

		if (/^From /) {
			$from = (split)[1];
		}
		if (/^Message-/) {
			$mid = (split)[1];
		}
		# <DO SOME MORE PROCESSING>
		# ... ($user, $rec, $ipa and $rnd are set here)
		# </DO SOME MORE PROCESSING>
		
	}
	close IN;

	die if ($user =~ /unknown/);
	die if ($rec  =~ /unknown/);
	die if ($ipa  =~ /unknown/);

	$ENV{'PATH'} = "/bin:/usr/sbin:/home/mail-daemon/bin/usr/bin"; # untaint !!

	if ($user ne "unknown") {

		open  UIT,">>$pad/etc/calls" or die "cannot append to $pad/etc/calls: $!";
		print UIT "----------------------------------------\n";
		print UIT strftime "Datum: %Y%m%d %H:%M:%S\n", gmtime;
		print UIT "From: $from\n";
		print UIT "Received: $rec\n";
		print UIT "Message: $mid\n";
		print UIT "User: $user\n";
		close UIT;

		# should be changed in a more secure way to supply the password, but for testing okay.
		$ENV{PGPPASS} = "this is my secret password %r28Y9!";

		# ** here the problem begins **
		my $try_this = 1;	# set to 0 to run the second variant instead
		if ($try_this) {
			`pgp -sa $stamp 100 2>&1 > /dev/null`;
		}
		else { # maybe this works...
			# read pgp's stdout and stderr and write them to a log
			open LOG, ">>$pad/etc/pgp.log";	# log file location is an assumption
			open UIT,"pgp -sa $stamp 100 2>&1 |";
			while (<UIT>) {
				print LOG "pgp: $_";
			}
			close UIT;
			close LOG;
		}
		# end problem part.

		open MAIL,"|sendmail -f'mail-daemon\@dse.nl' $users{ $user }";
		print MAIL <<"EOF";
From: mail-daemon
To: $users{ $user }
Subject: $rnd\@$ipa


Please reply to this message.

-- mailer daemon --

EOF
		open IN, "<$stamp.asc";
		while (<IN>) {
			print MAIL;
		}
		close IN;

		close MAIL;

	}
	else {
		#send a warning to admin
	}


</verwerk.pl>


As said, the script is executed correctly. One thing however is *not* 
executed and that is the pgp part. It refuses to execute, so no 
"$stamp.asc" is created. Because the first script saves the whole 
message, it is easy to use it again in a "cat <some messages> | 
/home/mail-daemon/bin/ontvang.pl". And the "$stamp.asc" is created 
this time!!

So, if the message is received and being "piped-in" by the .forward 
file the pgp part is *not* executed, but using the 'cat' command to send 
it the same way the pgp part *is* executed. I have tried to figure this 
out, dumped the environment, searched for clues in access rights but 
can't find it. What am I missing here? I am sure the .forward file and 
hence the other files are executed with rights belonging to the same 
user. I am not using the 'cat' command as a root user but as the same 
user that owns the .forward file.
And, the sendmail command is executed properly. So it must have 
something to do with pgp. How can pgp 'know' how it is called and why 
does it matter?

Who can answer this problem for me?

tia,


Bert.
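As an added example (not Bert's code), a replacement for the pgp step in verwerk.pl that runs pgp without a shell, refuses anything but the stamp filenames ontvang.pl produces, and records pgp's exit status, its output and the HOME and PGPPATH it saw, so a silent refusal under the .forward pipeline leaves a trace to compare against the 'cat' run. The log path and the location of the pgp binary are assumptions; the "-sa $stamp 100" arguments are taken from the post.

```perl
#!/usr/bin/perl -Tw
# Added example, not part of the original mailing-list post.
use strict;
use warnings;
use IPC::Open3;
use Symbol qw(gensym);
use POSIX qw(strftime);

$ENV{PATH} = '/usr/bin:/bin:/usr/local/bin';   # assumed: directories that contain pgp
my $home    = '/home/mail-daemon';             # from the original post
my $logfile = "$home/etc/pgp.log";             # assumed log location

# Accept only the filename shape ontvang.pl writes (stamps/<digits>);
# the capture also untaints the value for taint mode.
sub untaint_stamp {
    my ($raw) = @_;
    return undef unless defined $raw;
    $raw =~ s/\s+\z//;
    return $raw =~ m{\A(/home/mail-daemon/stamps/\d+)\z} ? $1 : undef;
}

# Run pgp in list form (no shell re-parses $stamp), capture stdout and
# stderr separately, and log the exit status with the environment pgp
# uses to find its keyring (PGPPATH, defaulting to $HOME/.pgp).
sub run_pgp {
    my ($stamp, $userid) = @_;
    my $err = gensym;
    my $pid = open3(my $in, my $out, $err, 'pgp', '-sa', $stamp, $userid);
    close $in;                        # passphrase comes from PGPPASS, not stdin
    my @stdout = <$out>;
    my @stderr = <$err>;
    waitpid $pid, 0;
    my $status = $? >> 8;

    open my $log, '>>', $logfile or die "cannot open $logfile: $!";
    print $log strftime('%Y%m%d %H:%M:%S', gmtime),
        " pgp exit=$status",
        ' HOME=',    (defined $ENV{HOME}    ? $ENV{HOME}    : '<unset>'),
        ' PGPPATH=', (defined $ENV{PGPPATH} ? $ENV{PGPPATH} : '<unset>'), "\n";
    print $log "pgp stdout: $_" for @stdout;
    print $log "pgp stderr: $_" for @stderr;
    close $log;

    # success means a clean exit and a non-empty signed file
    return $status == 0 && -s "$stamp.asc";
}

my $stamp = untaint_stamp(scalar <STDIN>) or die "bad stamp path on stdin";
run_pgp($stamp, '100') or die "pgp failed, see $logfile";
```

Running the same saved message once through the .forward route and once with cat, then comparing the two log lines, shows whether the exit status, the error text or the HOME/PGPPATH values differ between the two invocations.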