On Tue, 2012-01-31 at 18:36 -0500, Sam Varshavchik wrote:
> Svetozar Mihailov writes:
>
> > Hello,
> >
> > Recently I discovered an email in the queue which stays there forever and is delivered over
> > and over. The problem was '&' in the local part of the email address.
> >
> > Server is CentOS 5.7, courier-authlib-0.63.0, courier-0.65.0.
> >
> > .mailfilter problem line:
> >
> > cc "!m&m...@example.com"
> >
> > Is '&' an allowed char in an email address? If yes, how do I escape '&'
> > in .mailfilter? There are no other problems with 'm&m...@example.com'.
>
> Is this the literal statement? Or are you doing a variable expansion, like
> "cc !$ADDR", where you extract ADDR from some header in the original email.
.mailfilter contains only multiple 'cc "!m&m...@example.com"' lines, no variables inside.

> "!" is just an alias for "$SENDMAIL -f '' <rest>".
>
> The above statement is equivalent to:
>
> /bin/sh -c "$SENDMAIL -f '' m&m...@example.com"

Okay, so the correct line must be:

cc "!'m&m...@example.com'"

which will expand as:

/bin/sh -c "$SENDMAIL -f '' 'm&m...@example.com'"

Is that correct?

> The shell interprets the & character as a background execution command, with
> the rest as a second command to execute next. Hilarity ensues.
>
> Picture perfect example of the potential security holes and exploits, when
> passing untrusted data originating from unknown sources, namely email
> content, to the shell.
>
> If that's the situation here, what do you think would happen if this pattern
> picked up an address of ";rm -rf $HOME;@example.com"?

Thanks,
Svetozar Mihailov

_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
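The expansion Sam describes, as an added example that is not part of the thread and not Courier's or maildrop's own code: a POSIX shell script with a constructed stand-in for sendmail that only prints its argv, so you can see how the unquoted address, the single-quoted fix proposed above, and a ";...;" payload are each parsed by the shell that the "!" shorthand hands them to. `deliver_via_shell`, `shell_quote` and the stand-in script are this example's own names; the addresses are constructed test data and nothing is actually mailed.

```shell
#!/bin/sh
# Added example, not code from the thread or from Courier/maildrop. It
# reproduces the expansion described in the reply: `cc "!REST"` becomes
#   /bin/sh -c "$SENDMAIL -f '' REST"
# so whatever REST contains is re-parsed as shell syntax by a fresh shell.

# Constructed stand-in for sendmail: print each argv element in brackets so
# the word splitting done by the inner shell is visible. Run via sh rather
# than chmod +x so it also works on a noexec temp filesystem.
FAKE_SENDMAIL=$(mktemp)
trap 'rm -f "$FAKE_SENDMAIL"' EXIT
cat >"$FAKE_SENDMAIL" <<'EOF'
for a in "$@"; do printf '[%s]' "$a"; done
printf '\n'
EOF
SENDMAIL="/bin/sh $FAKE_SENDMAIL"

# What `cc "!$1"` turns into: a command STRING handed to a new shell.
# Metacharacters in $1 (& ; | $ ` ...) are syntax there, not address data.
# stderr (e.g. "m@example.com: not found") is dropped; the failing exit
# status is ignored so callers only see what the stand-in received.
deliver_via_shell() {
    /bin/sh -c "$SENDMAIL -f '' $1" 2>/dev/null || true
}

# Single-quote a value for embedding in a shell command string: every
# embedded ' becomes '\'' (close the quote, escaped quote, reopen). This is
# the general form of the cc "!'...'" fix from the thread and also survives
# an address that itself contains a single quote. It does not make embedded
# newlines safe; the only fully safe route is to avoid the shell entirely.
shell_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# 1. Unquoted: '&' backgrounds "sendmail -f '' m" and then runs
#    "m@example.com" as a second command. Prints [-f][][m].
deliver_via_shell 'm&m@example.com'

# 2. The quoted form proposed in the reply: the quotes reach the inner
#    shell and keep the address as one word. Prints [-f][][m&m@example.com].
deliver_via_shell "'m&m@example.com'"

# 3. The pattern Sam warns about, with echo standing in for rm -rf $HOME.
#    Prints [-f][] and then INJECTED: the payload ran as its own command.
deliver_via_shell ';echo INJECTED;@example.com'

# 4. Quoting with shell_quote on an address containing a single quote.
#    Prints [-f][][o'brien&x@example.com].
deliver_via_shell "$(shell_quote "o'brien&x@example.com")"
```

Run it with `sh`. Case 2 confirms that the fix in the reply above does work for this address, and case 4 shows why a quoting routine, rather than hand-placed quotes, is what you want whenever the recipient is not a literal in the file: a single quote inside the address would otherwise end the quoted word and hand the rest back to the shell.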