Sweet - for those of us who understood that - well it is a thought provoking concept!
I wonder what other unsafe combinations might exist... m/ -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Sam Varshavchik Sent: Tuesday, December 02, 2003 3:57 PM To: [EMAIL PROTECTED] Subject: [courier-users] Re: Emails with '&' in sender address... again My guess would be that you've installed some convoluted command line in the .courier file that uses the $SENDER environment variable in an unsafe way, so the ampersand in the E-mail address gets interpreted by the shell. Congratulations! With a carefully-crafted message, an attacker can execute any shell command on your box. But again, that's just a guess, because you haven't explained what your problem is. ------------------------------------------------------- This SF.net email is sponsored by OSDN's Audience Survey. Help shape OSDN's sites and tell us what you think. Take this five minute survey and you could win a $250 Gift Certificate. http://www.wrgsurveys.com/2003/osdntech03.php?site=8 _______________________________________________ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
