--On Monday, 9 February 2004 12:53 +0100 Don van der Haghen <[EMAIL PROTECTED]> wrote:
> xfilter "/opt/amavis/sbin/amavis $FROM $TO"
> ---
>
> The message itself is probably just a piece of spam, but the following is
> remarkable:
>
> 1. Courier accepts the email address containing an | sign in the From field.
Nearly everything is allowed in the localpart of an email address.
> 2. Courier tries to pass it to the anti-virus check script (as specified
> in maildroprc).
> 3. Bash interprets this as a pipe and is thus executing a command
> specified in the 'From' field.
Never pipe untrusted input into a shell.
In the case of Maildrop just sanitize the variable with:
FROM=escape($SENDER)
which will prepend a backslash to any of: |!$()[]\+*?.&;`'-~<>^{}"
Don't know whether amavis knows how to deal with the backslashes; in the
worst case it just saves the innocent forged senders another bounce ;)
Or even better dump everything with unusual characters in $SENDER.
Roland
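As an added illustration (not part of the thread, and not maildrop's or amavis's own code), the following Python mimics the escape() behaviour described in the reply, builds the xfilter command line from the quoted maildroprc with and without that step, and tokenises the result the way a POSIX shell would, so the effect of the backslashes is visible. It also implements the stricter "dump everything with unusual characters" option as an allow-list. The sender and recipient addresses and the allow-list pattern are constructed for the example; note that a space is not in the escaped set, so the allow-list catches cases escape() alone would not.

```python
import re
import shlex

# Characters that maildrop's escape() prefixes with a backslash, as listed in the reply.
ESCAPE_CHARS = set('|!$()[]\\+*?.&;`\'-~<>^{}"')


def maildrop_escape(value: str) -> str:
    """Mimic maildrop's escape(): put a backslash in front of every listed metacharacter."""
    return ''.join('\\' + ch if ch in ESCAPE_CHARS else ch for ch in value)


def shell_tokens(cmdline: str) -> list:
    """Tokenise a command line the way a POSIX shell would.

    Operators such as '|' come back as separate tokens; a backslash-escaped
    '|' stays inside its word, which is what makes escape() effective.
    """
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)


def xfilter_cmdline(sender: str, recipient: str, sanitize: bool) -> str:
    """Build the xfilter line from the quoted maildroprc, with or without escape().

    The recipient is given the same treatment as the sender when sanitising.
    """
    if sanitize:
        sender, recipient = maildrop_escape(sender), maildrop_escape(recipient)
    return f'/opt/amavis/sbin/amavis {sender} {recipient}'


# Constructed allow-list (an assumption, not anything maildrop ships): the
# "dump everything with unusual characters in $SENDER" option from the reply.
SAFE_SENDER = re.compile(r'[A-Za-z0-9._%+=-]+@[A-Za-z0-9.-]+')


def sender_is_safe(sender: str) -> bool:
    """True for the empty return path of a bounce or an allow-listed address."""
    if sender == '':
        return True  # null return path of a bounce; there is nothing to pass on
    return SAFE_SENDER.fullmatch(sender) is not None


if __name__ == '__main__':
    sender = 'alice|bob@example.com'   # constructed sample with a legal but shell-significant localpart
    recipient = 'carol@example.com'    # constructed sample
    for sanitize in (False, True):
        line = xfilter_cmdline(sender, recipient, sanitize)
        print(f'sanitize={sanitize}: {line!r} -> {shell_tokens(line)}')
    print('allow-list:', sender_is_safe(sender), sender_is_safe(recipient))
```

Without escape() the tokeniser returns a separate `|` token, i.e. the shell would see a second command; with escape() the whole address is one argument. The allow-list is the more robust of the two because it rejects anything outside a known-good set instead of trying to enumerate every metacharacter.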
_______________________________________________
courier-users mailing list