At 10:56 AM 7/30/01 +0000, Mel Matsuoka wrote:
>At 01:39 PM 07/30/2001 -0700, [EMAIL PROTECTED] wrote:
> >> "Stephen P. Potter" <[EMAIL PROTECTED]> said:
> >
> >> |
> >> | open (MAIL, "|/usr/sbin/sendmail $email")
> >> |
> >> | to which you should by the way add
> >> |
> >> | or die "sendmail: $!\n";
> >>
> >> This probably does not do what you think it does. It is almost always
> >> worthless to check the status of a pipe. The only time the pipe will fail
>
>Not to mention the fact that that open() call is a bigass security
>vulnerability waiting to be exploited. What if the user-supplied value of
>$email was something like ";rm -rf ." ? Not good.
>
>You should really be using sendmail with the -t flag to avoid shell
>exploits like this.
Believe it or not, that's exactly what the rest of the message Stephen
Potter was following up to said.
--
Peter Scott
Pacific Systems Design Technologies
http://www.perldebugged.com
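
An added example, not code from any message in this thread: the piped open discussed above rewritten so that no shell ever parses $email, with sendmail's -t flag taking the recipient from the To: header. The clean_address() policy, the -oi flag and the sample inputs are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: sendmail path as quoted in the thread.
my $SENDMAIL = '/usr/sbin/sendmail';

# Deliberately strict, hypothetical policy: plain local@domain only.
# \A and \z anchor the whole string, so an embedded or trailing newline
# (which would start a new header line under -t) is rejected too.
sub clean_address {
    my ($addr) = @_;
    return undef unless defined $addr;
    return $addr =~ /\A([A-Za-z0-9._%+-]+\@[A-Za-z0-9.-]+\.[A-Za-z]{2,})\z/
        ? $1 : undef;
}

sub send_mail {
    my ($to, $subject, $body) = @_;
    my $rcpt = clean_address($to) or die "rejected recipient\n";
    $subject =~ s/[\r\n]+/ /g;    # keep the subject on one header line

    # List-form open: Perl execs sendmail directly, so /bin/sh never sees
    # any part of the message. -t reads recipients from the headers;
    # -oi stops a lone "." line from ending the message early.
    open(my $mail, '|-', $SENDMAIL, '-t', '-oi')
        or die "cannot start sendmail: $!\n";
    print {$mail} "To: $rcpt\nSubject: $subject\n\n$body\n";

    # sendmail's own exit status only becomes available at close().
    close($mail)
        or die "sendmail failed: " . ($! || 'exit status ' . ($? >> 8)) . "\n";
    return 1;
}

# Constructed sample inputs; the second is the value quoted in the thread.
for my $in ('user@example.com', ';rm -rf .',
            "a\@example.com\nBcc: x\@example.net") {
    (my $shown = $in) =~ s/\n/\\n/g;
    printf "%-40s %s\n", $shown,
        defined clean_address($in) ? 'accepted' : 'rejected';
}

# Mail is only sent when an address is passed on the command line.
send_mail($ARGV[0], 'test', 'hello') if @ARGV;
```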