"Jason R. Mastaler" <[EMAIL PROTECTED]> writes: > When OUTGOINGMAIL = 'sendmail', TMDA sends mail with the sendmail > interface like such: > > /usr/sbin/sendmail -f 'envelope_sender' -- 'envelope_recipient' > > Thus, if someone sends you a message with some shell command as their > Return-Path, there is a chance it could be executed by the shell when > the above sendmail command is run.
It seems to me that this problem could be avoided by TMDA doing the fork/exec of sendmail itself, rather than passing this command to the shell. If the shell is not involved, it doesn't matter if one of the arguments is a shell command. The sendmail program may then barf at bogus arguments, but it shouldn't be a security risk. In other words, the security risk isn't the use of the sendmail program but rather the use of the shell. I think I'll take a look at the Python support for this and see if Util.sendmail can be appropriately modified. Tim _____________________________________________ tmda-users mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-users
