[ILUG] mail running programs
vincent at cunniffe.net
Mon Jan 28 11:22:26 GMT 2002
John P. Looney wrote:
> Years ago, when sendmail was new, and people didn't go around cracking
> into systems, because most of the time, they'd give you a shell account if
> you asked, sendmail was able to run programs on the target machine.
> I was wondering - if it could be done securely, would it be something
> that would be useful these days ?
It can be done securely : just use smrsh to set up a local handler for
the tasks, and put in a virtusertable entry pointing to the handler for
the submission address.
I've used it for story submission and a couple of other tasks, linking
back to a database. The security on my system was limited to source address
and plaintext password in the mail, but you could extend that easily enough
to PGP or whatever.
More information about the ILUG