Operating Systems Linux Run PHP script when new email received Post 302462572 by Neo on Thursday 14th of October 2010 01:27:58 PM
Old 10-14-2010
I design based on risk, and I have been in infosec all my very long career.

There is nothing wrong with having a .forward file in the situation posted by the original poster, IMHO.

There are no risks identified, there are no vulnerabilities identified, there are no threats identified.

I have been in infosec all my very long UNIX and Linux career, and have a CISSP, yadda, yadda, yadda... Security is based on risk, not speculation.

One of my biggest "pet peeves" is people who make blanket "this is not good" statements in the absence of any risk analysis. This is the biggest mistake many technical people make in IT security.

If you are going to make "sweeping statements" about "this is good" and "this is not good" here, you need to be prepared to completely back it up, technically, since I run the forums, LOL... You are not going to "beat me into submission, I assure you"

There is no technical argument (that you have made) where in a low risk situation on a shared server with an unprivileged user that a .forward file is such a high risk.

If you are willing to stop "hand waving" and provide technical facts on what the vulnerability, threat and risk of this original poster's application are, I'm all ears

Otherwise, move on. Thanks.

---------- Post updated at 17:27 ---------- Previous update was at 17:24 ----------

Note:

I did a Google search on these terms:

Quote:
".forward" security risk
...and after looking at around 8 pages, found nothing interesting.
 

krb5envvar(5)          Standards, Environments, and Macros          krb5envvar(5)

NAME
     krb5envvar - Kerberos environment variables

DESCRIPTION
     The Kerberos mechanism provides a number of environment variables to
     configure different behavior in order to meet applications' needs.
     Environment variables used within the Kerberos mechanism are:

     KRB5_KTNAME
         Used by the mechanism to specify the location of the key table file.
         The variable can be set to the following value:

             [[<kt type>:]<file name>]

         where <kt type> can be FILE or WRFILE. FILE is for read operations;
         WRFILE is for write operations. <file name> is the location of the
         keytab file.

         If KRB5_KTNAME is not defined, the default value is:

             FILE:/etc/krb5/krb5.keytab

         The keytab file is used to store credentials persistently and is
         used commonly for service daemons.

         Specifying the FILE type assumes that the subsequent operations on
         the associated file are readable by the invoking process. Care must
         be taken to ensure that the file is readable only by the set of
         principals that need to retrieve their unencrypted keys.

         The WRFILE type is used by the kadmin(1M) command. Specifying this
         type allows the administrator to designate an alternate keytab file
         to write to without using extra command line arguments for file
         location.

     KRB5CCNAME
         Used by the mechanism to specify the location of the credential
         cache. The variable can be set to the following value:

             [[<cc type>:]<file name>]

         where <cc type> can be FILE or MEMORY. <file name> is the location
         of the principal's credential cache.

         If KRB5CCNAME is not defined, the default value is:

             FILE:/tmp/krb5cc_<uid>

         where <uid> is the user id of the process that created the cache
         file.

         The credential cache file is used to store tickets that have been
         granted to the principal.

         Specifying the FILE types assumes that subsequent operations on the
         associated file are readable and writable by the invoking process.
         Care must be taken to ensure that the file is accessible only by the
         set of principals that need to access their credentials. If the
         credential file is in a directory to which other users have write
         access, you will need to set that directory's sticky bit (see
         chmod(1)).

         The MEMORY credential cache type is used only in special cases, such
         as when making a temporary cache for the life of the invoking
         process.

     KRB5RCNAME
         Used by the mechanism to specify the type and location of the replay
         cache. The variable can be set to the following value:

             [[<rc type>:]<file name>]

         where <rc type> can be either FILE or MEMORY. <file name> is
         relevant only when specifying the replay cache file type.

         If not defined, the default value is:

             FILE:/var/krb5/rcache/root/rc_<service>

         ...if the process is owned by root, or:

             FILE:/var/krb5/rcache/rc_<service>

         ...if the process is owned by a user other than root. <service> is
         the service process name associated with the replay cache file.

         The replay cache is used by Kerberos to detect the replay of
         authentication data. This prevents people who capture authentication
         messages on the network from authenticating to the server by
         resending these messages.

         When specifying the FILE replay cache type, care must be taken to
         prevent the replay cache file from being deleted by another user.
         Make sure that every directory in the replay cache path is either
         writable only by the owner of the replay cache or that the sticky
         bit ("t") is set on every directory in the replay cache path to
         which others have write permission.

         When specifying the MEMORY replay cache type you need to weigh the
         trade-off of performance against the slight security risk created by
         using a non-persistent cache. The risk occurs during system reboots
         when the following condition obtains:

         o  The duration from the last write to the replay cache before
            reboot to the point when the Kerberized server applications are
            running is less than the Kerberos clockskew (see krb5.conf(4)).

         Under this condition, the server applications can accept a replay of
         Kerberos authentication data (up to the difference between the time
         of the last write and the clockskew). Typically, this is a small
         window of time. If the server applications take longer than the
         clockskew to start accepting connections there is no replay risk.

         The risk described above is the same when using FILE replay cache
         types when the replay cache resides on swap file systems, such as
         /tmp and /var/run.

         The performance improvement in MEMORY replay cache types over FILE
         types is derived from the absence of disk I/O. This is true even if
         the FILE replay cache is on a memory-backed file system, such as
         swap (/tmp and /var/run).

ATTRIBUTES
     See attributes(5) for a description of the following attributes:

     +-----------------------------+-----------------------------+
     |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
     +-----------------------------+-----------------------------+
     |Availability                 |SUNWkrbu                     |
     +-----------------------------+-----------------------------+
     |Interface Stability          |Unstable                     |
     +-----------------------------+-----------------------------+

SEE ALSO
     chmod(1), kinit(1), klist(1), kadmin(1M), kadmind(1M), krb5.conf(4),
     attributes(5), SEAM(5)

SunOS 5.10                        5 Mar 2004                        krb5envvar(5)
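
The permission rules in krb5envvar(5) above can be checked mechanically. The script below is an added example, not part of the man page or of any Kerberos distribution; the function names (perm_char, strip_type, unsafe_dirs, keytab_exposed, audit) are made up for illustration. It flags any group or other read bit on the keytab for review.

```shell
#!/bin/sh
# Added example: audit the file locations that KRB5_KTNAME, KRB5CCNAME and
# KRB5RCNAME point at. All function names here are hypothetical.

# perm_char PATH N: Nth character of PATH's `ls -ld` mode string (empty if missing)
perm_char() { ls -ld "$1" 2>/dev/null | cut -c"$2"; }

# strip_type VALUE: drop the optional "<type>:" prefix (FILE, WRFILE, MEMORY)
strip_type() {
    case $1 in
        FILE:*|WRFILE:*|MEMORY:*) printf '%s\n' "${1#*:}" ;;
        *) printf '%s\n' "$1" ;;
    esac
}

# unsafe_dirs FILE: print each directory on FILE's path that group or others
# can write to while the sticky bit is not set (the replay cache rule).
unsafe_dirs() {
    dir=$(dirname "$1")
    while :; do
        if [ "$(perm_char "$dir" 6)" = w ] || [ "$(perm_char "$dir" 9)" = w ]; then
            case $(perm_char "$dir" 10) in
                t|T) ;;                      # sticky bit set: only owners may delete
                *) printf '%s\n' "$dir" ;;
            esac
        fi
        case $dir in /|.) break ;; esac      # reached the top of the path
        dir=$(dirname "$dir")
    done
}

# keytab_exposed FILE: exit 0 when group or others can read the keytab
keytab_exposed() {
    [ "$(perm_char "$1" 5)" = r ] || [ "$(perm_char "$1" 8)" = r ]
}

# audit: report findings for the current environment, using the man page defaults
audit() {
    kt=$(strip_type "${KRB5_KTNAME:-FILE:/etc/krb5/krb5.keytab}")
    if keytab_exposed "$kt"; then echo "keytab readable by group/other: $kt"; fi
    cc=${KRB5CCNAME:-FILE:/tmp/krb5cc_$(id -u)}
    case $cc in MEMORY:*) ;; *) unsafe_dirs "$(strip_type "$cc")" | sed 's/^/ccache dir lacks sticky bit: /' ;; esac
    case ${KRB5RCNAME:-MEMORY:} in
        MEMORY:*) ;;   # MEMORY, or unset (the default path needs the service name)
        *) unsafe_dirs "$(strip_type "$KRB5RCNAME")" | sed 's/^/rcache dir lacks sticky bit: /' ;;
    esac
    return 0
}
audit
```

The mode string is read from `ls -ld` rather than `stat` so the same check runs on Solaris as well as Linux.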
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.