At 01:39 PM 07/30/2001 -0700, [EMAIL PROTECTED] wrote:
>> "Stephen P. Potter" <[EMAIL PROTECTED]> said:
>
>> | 
>> |          open (MAIL, "|/usr/sbin/sendmail $email")
>> | 
>> | to which you should by the way add
>> | 
>> |          or die "sendmail: $!\n";
>> 
>> This probably does not do what you think it does.  It is almost always
>> worthless to check the status of a pipe.  The only time the pipe will fail

Not to mention the fact that that open() call is a bigass security
vulnerability waiting to be exploited. What if the user-supplied value of
$email was something like ";rm -rf ."  ? Not good.

You should really be using sendmail with the -t flag to avoid shell
exploits like this. 

Aloha,
mel
--
mel matsuoka                      Hawaiian Image Productions
Chief Executive Alphageek                (vox)1.808.531.5474
[EMAIL PROTECTED]                    (fax)1.808.526.4040
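
Added example, not part of the original message: one way to apply the `-t` advice so the user-supplied address never reaches a shell and cannot add extra header lines. Assumptions: the helper names `safe_address` and `send_mail` are hypothetical, the sendmail path is the one quoted above, and list-form pipe `open` requires Perl 5.8 or later.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Path as quoted in the message above.
my $SENDMAIL = '/usr/sbin/sendmail';

# Hypothetical helper: accept only a conservative addr-spec.
# This is a deliberate allow-list, not a full RFC 5322 parser.
sub safe_address {
    my ($addr) = @_;
    return unless defined $addr;
    return if $addr =~ /[\r\n]/;    # would let the value add header lines
    return unless $addr =~ /\A[A-Za-z0-9._+-]+\@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+\z/;
    return $addr;
}

# Hypothetical helper: hand one message to sendmail without a shell.
sub send_mail {
    my ($to, $subject, $body) = @_;
    my $rcpt = safe_address($to) or die "refusing suspicious address\n";
    $subject =~ s/[\r\n]+/ /g;      # keep the subject on a single header line

    # List-form open: the program is executed directly, so ";", "|" and
    # backticks in data are never interpreted by a shell.
    #   -t   take recipients from the headers, not the command line
    #   -oi  a line containing only "." does not end the message
    open(my $mail, '|-', $SENDMAIL, '-t', '-oi')
        or die "cannot start $SENDMAIL: $!\n";
    print {$mail} "To: $rcpt\n", "Subject: $subject\n", "\n", $body, "\n";

    # On a pipe, close() waits for the child; its exit status is in $?.
    close($mail)
        or die "sendmail failed: "
             . ($! ? "close: $!" : "exit status " . ($? >> 8)) . "\n";
    return 1;
}

# Constructed inputs: the value from the message above, then an ordinary one.
# Only the validator runs here; no mail is sent.
for my $candidate (';rm -rf .', 'user@example.com') {
    printf "%-20s %s\n", $candidate,
        safe_address($candidate) ? 'accepted' : 'rejected';
}
```

With `-t` the address moves from the command line into the `To:` header, which is why the CR/LF check matters: the shell is gone, but an unchecked newline would still let the value inject headers.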
                     
