From: Rick Moen
Subject: Re: [NYLXS - HANGOUT] cable crimping
Date: Tue, 17 Mar 2015 05:21:38 -0700
List-Id: NYLXS General Discussion Forum

Quoting Chris Knadle (Chris.Knadle-at-coredump.us):

> If you look at the mailman_transport, that's a pipe transport.

Certainly I've actually never (before) looked into the guts of the
recommended router or transport definitions. The main functional
advantage of using that system was, frankly, freeing one's self from
having to continually futz around manually adding and removing
/etc/aliases lines, and instead let the MLM mailing list definition
files get accessed by the MTA directly.

That having been said, we can at least hope in this case that the MTA
does careful input validation on what gets sent through
mailman_transport's pipe driver. The regex disassembly that derives the
local part string looks competent, for example.

Anyway, thanks for pointing that out. Learned something.

> This is the case by default, but not if you set the user and group in
> the transport (such as they did in the Mailman example). Furthermore
> if you look in section 29 concerning the pipe transport, there's an
> allow_commands option to limit what commands a transport can call.

Yeah, this is what one hopes to see.

> At least with Exim using a pipe via /etc/aliases doesn't /have/ to be
> something terribly insecure. You do need to know what you're doing...

I never said I had anything inherently against pipes, mind you. This is
Unix, after all. ;->
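
An added example, not part of the original message and not code from Exim or Mailman: a small Python check that reads an Exim-style transports section and flags pipe transports that lack the controls mentioned in the thread (user and group set in the transport, allow_commands). The sample config, its transport names and paths are constructed, and the list of findings is this example's own policy.

```python
import re

# Constructed sample config; transport names and paths are made up.
SAMPLE = r"""
address_pipe:
  driver = pipe
  use_shell

list_pipe:
  driver = pipe
  user = list
  group = list
  allow_commands = /usr/local/bin/list-wrap : \
                   /usr/local/bin/list-bounce
"""

def parse_transports(text):
    """Return {transport_name: {option: value}} from Exim-style config text."""
    text = re.sub(r"\\\n\s*", "", text)  # join backslash-continued lines
    transports, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if re.fullmatch(r"\w+:", line):
            current = transports.setdefault(line[:-1], {})
        elif current is not None:
            key, sep, value = line.partition("=")
            # A bare option name is a boolean that is switched on.
            current[key.strip()] = value.strip() if sep else "true"
    return transports

def audit_pipe_transports(text):
    """Return sorted (transport, finding) pairs; the policy is this example's own."""
    findings = []
    for name, opts in parse_transports(text).items():
        if opts.get("driver") != "pipe":
            continue
        for ident in ("user", "group"):
            if ident not in opts:
                findings.append((name, f"no {ident} set in transport"))
        if opts.get("use_shell") == "true":
            findings.append((name, "use_shell passes the command to /bin/sh"))
        # No fixed command: the command line comes from the alias or .forward
        # entry, so an allow-list is what bounds it.
        if "command" not in opts and not (
                "allow_commands" in opts or opts.get("restrict_to_path") == "true"):
            findings.append((name, "router-supplied command is not restricted"))
    return sorted(findings)
```

Calling `audit_pipe_transports(SAMPLE)` reports four findings for `address_pipe` and none for `list_pipe`.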