[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: auditing procmail?

--- Valdis Kletnieks vt edu wrote:

> Anybody have any good ideas on what should happen
> for auditing and loginuid
> when Sendmail invokes procmail as a delivery agent,
> and we're running
> essentially arbitrary code as the user from their
> .procmailrc?  My gut
> feeling is that this *should* act just like a cron
> job for auditing
> purposes, but the sendmail/procmail interface isn't
> in the least PAM-ified,
> so we can't just toss in a 'session required
> pam_audit.so'...

Since the user can define what goes into the
.procmailrc and since whatever is specified runs
as the user the audit should identify the user
and be treated as a user session. In the days
before delivery agents we still had to deal with
"vacation", and audit that appropriately.

Casey Schaufler
casey schaufler-ca com

Do you Yahoo!? 
Yahoo! Mail - Helps protect you from nasty viruses. 

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]