In article <20141217142550.ne2degkj%sdao...@yandex.com>, Steffen Nurpmeso <sdao...@yandex.com> wrote: > >No, of course not -- except that "validate user input" screams >from every wall. Maybe i'm just disappointed. But any >environment that passes a string that includes shell meta >characters through to whatever else seems broken. Tomorrow BSD >Mail / POSIX mailx(1) get a CVE for QoS attacks because of passing >through malformed addresses to MTAs that lead to nowhere but cause >several process lifetimes and log entries... That doesn't seem >right.
It is to protect the innocent. Consider someone writing his first cgi script and wants to add mail functionality :-) Perhaps as people claimed "mail/mailx" is beyond hope... christos