[CentOS] sendmail smrsh symlinks not working against php scripts

Mon Apr 16 17:17:21 UTC 2007
dan1 <dan1 at edenpics.com>

>> I am trying to forward the e-mails received to one address towards a php 
>> script.
>> I am trying all I can but nothing does.
>>
>> I have edited my /etc/aliases file and added this line.
>> ecard-bounce: "|/usr/bin/php /etc/smrsh/ecardbounce.php"
>>
>> Then, of course I do a 'newaliases'.
>> In my /etc/smrsh I have placed the symbolic link defined above, which has 
>> been created this way:
>> ln -s /home/my/scripts/ecardbounce.php /etc/smrsh/ecardbounce.php
>
> Wouldn't smrsh need to include /usr/bin/php as well in its permitted 
> subshell applications links in /etc/smrsh/?  the object of the binary is 
> not checked -- the binary is
>
> Note:  I do not pass on the security advisability of this act, just 
> sendmail syntax
>
> It has been a long time since I added items to the sendmail permitted 
> applications list as it is a known scurity cesspool.
>
> -- Russ Herrold

Hello, Russ.

Yes, the php link is there in /etc/smrsh, but it doesn't help.
To me it is like if the object of the binary (the parameter, or the script 
to execute) seems to also be checked, because if I put a file in the 
/etc/smrsh then it is executed properly.

Thanks anyway. Any other idea?
Daniel