Name
UnsafeGroupWrites
Synopsis
In processing a ~/.forward file or a :include: file, a question arises when group or world write permission is enabled. Should sendmail trust the addresses found in such files? Clearly the answer is “no” when world write permission is enabled. But what of group write permission?
Beginning with V8.8 sendmail, the decision of
whether to trust group write permission is left to the
UnsafeGroupWrites
option, which looks like this:
O UnsafeGroupWrites=bool ← configuration file (V8.8 and later) -OUnsafeGroupWrites=bool ← command line (V8.8 and later) define(`confUNSAFE_GROUP_WRITES',bool)← mc configuration (V8.7 and later)
The optional argument bool
, when missing,
defaults to true (check for unsafe group write permission). If this
option is missing entirely, it defaults to false
(don’t check for unsafe group write permission).
With this option set to true, a ~/.forward file or a :include: file with group or world writability will result in one of these four errors being logged:
filename: group writable forward file, marked unsafe filename: world writable forward file, marked unsafe filename: group writable include file, marked unsafe filename: world writable include file, marked unsafe
Any address in the file that is a file or a program will result in a bounce and this message:
Address address is unsafe for mailing to programs Address address is unsafe for mailing to files
Beginning with V8.10, sendmail uses this option
only to set the GroupWritableForwardFileSafe ...
Get Sendmail, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.