> Gia Elise Barboza <[EMAIL PROTECTED]> said:

> open(mail, "|mail barbozag\@msu.edu");
> print mail "bad news: guessed \n";
> close (mail);

This works, but if you are not certain of the contents of the email message 
(e.g. writing a CGI interface to let a user compose and send an email message) 
then doing the above can be very dangerous.  mail or mailx allows shell escape 
sequences in the input (a line starting with a ~! escapes to the shell).  
This is a very nasty security hole, especially if your script runs as root.

It is better to pipe the message and headers into sendmail, which has no escape 
sequences.  So something like:

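# Pipe the headers and body into sendmail; stop if it cannot be started.
open(MAIL, "|/usr/sbin/sendmail soandso\@somedomain.com")
    or die "cannot start sendmail: $!";
print MAIL <<EOF;
From: whoever\@localdomain.com
Subject: hi there

This is the body of the message.
EOF
# Closing the pipe waits for sendmail and reports a non-zero exit.
close(MAIL) or die "sendmail failed: $?";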

Note the message header is separated from the body by an empty line.


-- 
Smoot Carl-Mitchell
Consultant
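
Added example, not part of the original message: a hardened version of the sendmail pipe for the CGI case described above, where the header values and body come from a user. The helper names (clean_header, build_message, send_message) and the --send switch are hypothetical; the sample form fields are constructed. It uses Perl's list-form pipe open so no shell is involved, and the standard sendmail options -t and -oi.

```perl
#!/usr/bin/perl
use strict;
use warnings;

my $SENDMAIL = '/usr/sbin/sendmail';   # path as used in the message above

# Reject header values that could start a new header line or end the header block.
sub clean_header {
    my ($name, $value) = @_;
    die "$name contains a line break\n" if $value =~ /[\r\n]/;
    return $value;
}

# Assemble the headers, the empty separator line, then the body.
sub build_message {
    my (%m) = @_;
    my $msg = '';
    for my $h (qw(From To Subject)) {
        $msg .= "$h: " . clean_header($h, $m{$h}) . "\n";
    }
    return $msg . "\n" . $m{Body} . "\n";
}

# List-form pipe open: sendmail is exec'd directly, so no shell parses anything.
# -t takes the recipients from the headers; -oi stops a lone "." line from
# ending the message early.
sub send_message {
    my ($msg) = @_;
    open(my $mail, '|-', $SENDMAIL, '-oi', '-t')
        or die "cannot run $SENDMAIL: $!\n";
    print {$mail} $msg;
    close($mail) or die "sendmail exited with status $?\n";
}

# Constructed sample input standing in for form fields from a CGI request.
my $msg = build_message(
    From    => 'whoever@localdomain.com',
    To      => 'soandso@somedomain.com',
    Subject => 'hi there',
    Body    => "This is the body of the message.\n~!this line is plain text to sendmail\n.",
);

# Print the message by default; pipe it to sendmail only when asked to.
if (@ARGV && $ARGV[0] eq '--send') { send_message($msg) } else { print $msg }

# A Subject carrying an embedded header line is refused before anything is sent.
my $ok = eval { build_message(From => 'a@example.com', To => 'b@example.com',
                              Subject => "hi\nBcc: x\@example.com", Body => 'x'); 1 };
print "header injection rejected: $@" unless $ok;
```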


