UnsafeGroupWrites
Check unsafe group permissions Deprecated
In processing a ~/.forward file
or a :include:
file, a question arises when group- or world-write
permission is enabled. Should
sendmail trust the addresses
found in such files? Clearly the answer is “no” when
world-write permission is enabled. But what of
group-write permission?
Beginning with V8.8 sendmail, the
decision of whether to trust group-write permission
is left to the UnsafeGroupWrites option, which looks
like this:
O UnsafeGroupWrites=bool ← configuration file (V8.8 and later) -OUnsafeGroupWrites=bool ← command line (V8.8 and later) define(`confUNSAFE_GROUP_WRITES',bool) ← mc configuration (V8.7 and later)
The optional argument bool,
when missing, defaults to true (check for unsafe
group-write permission). If this option is missing
entirely, it defaults to false (don’t check for
unsafe group-write permission).
With this option set to true, a
~/.forward file or a :include: file with
group or world writability will result in one of
these four errors being logged:
filename: group writable forward file, marked unsafe filename: world writable forward file, marked unsafe filename: group writable include file, marked unsafe filename: world writable include file, marked unsafe
Any address in the file that is a file or a program will result in a bounce and this message:
Address address is unsafe for mailing to programs Address address is unsafe for mailing to files
Beginning with V8.10, sendmail uses this option only to set the ...
Get sendmail, 4th Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
