Name
C line
Synopsis
To ensure secure handling of
delivery, recipient addresses that are either a file or a program
require that sendmail perform delivery as the
owner of the file or program rather than as the user defined by the
DefaultUser option (DefaultUser).
A file address is one that begins with a /
character. A program address is one that begins with a
| character. Both characters are detected after
quotation marks have been stripped from the address.
To prevent potential security violations,
sendmail must take special precautions when
addresses in the qf file result from reading a
~/.forward or :include: file.
When such an address is to be placed into the qf
file (whether as a recipient’s address in an
R line or as an error recipient’s
address in an E line),
sendmail first places a C
line (for Controlling user) into the file and then the
recipient’s address. The C line
specifies the owner of the ~/.forward or
:include: file:
Cgeorge RPF:/u/users/george/mail/archive Cben RPF:|/u/users/ben/bin/mailfilter
Here, when sendmail later delivers to the
recipients in this qf file, it first converts its
user identity to that of the user george, then
resets itself back to being root again. The same
process repeats with the next recipient, except that
sendmail changes from root
to ben and back again. If there is no
C line preceding an R line, the
previous C line’s value is
carried down:
Cgeorge RPF:/u/users/george/mail/archive RPF:|/u/users/ben/bin/mailfilter ←controlling user is george ...
Get Sendmail, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
