[Esd-l] Setup issue with DROPPRIVS

chris lists at powernet.net
Mon May 13 10:23:01 PDT 2002 

I am new to the list and new to sanitizer/procmail, here is the gist of my
problem.

I am trying to get 1.134 Sanitizer working on a BSDi 4.2 with sendmail
8.11.6 and procmail 3.22
All files are in my home directory, and owned by me. I have no
/etc/procmailrc at all. The two accounts I am testing from/to are regular
users and not root. Here is some info on my setup and the error I see in the
log....

Here is a snippet of my log file

------snippet--------
' 2>> $LOGFILE"
No -e allowed in setuid scripts.
procmail: Program failure (255) of " perl -p -e '        #\
      $pastmsghdr = 1 if /^\s*$/;        #\
      $XCS = "X-Content-Security: [" . $ENV{"HOST"} . "]" unless $XCS;
#\
      if ($pastmsghdr) {        #\
----end snippet---------

I have just recently added the several DROPPRIVS, before each INCLUDERC to
see
if I might get it to work. I had no luck.

-----.procmailrc------
SHELL=/bin/sh
LINEBUF=4096
PATH="$HOME/bin:/bin:/usr/bin:/usr/local/bin:/usr/contrib/bin"
VERBOSE=on
DROPPRIVS=YES

:0 c
 backup
###  BEGIN Sanitizer
POISONED_EXECUTABLES=${HOME}/san/poisoned-files
     STRIPPED_EXECUTABLES=${HOME}/san/stripped
     SECURITY_NOTIFY="noone at my.dom"
     SECURITY_NOTIFY_VERBOSE="virus-checker"
     SECURITY_NOTIFY_SENDER=${HOME}/san/local-email-security-policy.txt
     SECRET="Secret"
     MANGLE_EXTENSIONS="bat|exe|vbs|pif|com"
     # this file must already exist, with proper permissions
     # (rw--w--w-):
SECURITY_QUARANTINE=${HOME}/quarantine
     POISONED_SCORE=25
     SCORE_HISTORY=/var/log/macro-scanner-scores
     SECURITY_OPTOUT_FILENAME=${HOME}/security-optout.procmail
LOGFILE=${HOME}/procmail.log
     # Finished setting up, now run the sanitizer...
DROPPRIVS=YES
     INCLUDERC=${HOME}/san/security-optout.procmail
DROPPRIVS=YES
     INCLUDERC=${HOME}/san/local-rules.procmail
     CONFIG_VARIABLE=some_value
DROPPRIVS=YES
INCLUDERC=${HOME}/san/html-trap.procmail.nomacroscan
     # Reset some things to avoid leaking info to
     # the users...
POISONED_EXECUTABLES=
SECURITY_NOTIFY=
SECURITY_NOTIFY_VERBOSE=
SECURITY_NOTIFY_SENDER=
SECURITY_QUARANTINE=
SECRET=
### END sanitizer
-----end .procmailrc------

More information about the esd-l mailing list