On Thu, Aug 4, 2005, [EMAIL PROTECTED] said:

> A BUGNOTE has been added to this bug.
> ======================================================================
> http://www.dbmail.org/mantis/bug_view_advanced_page.php?bug_id=0000239
> ======================================================================

[snip]

> I understand "|" may be dangerous on recipient side (maybe interpreted as
> a process pipe), but on sender side? This (MAIL FROM) is used for
> Return-path header only, isn't it?

What we need to test is if this is a problem for ! and | forwards from the
aliases table. We should be shell-escaping the stuff that goes onto those
command lines so that we can handle any input.

*looks at DBMail 2.0 code*

Nope. This may be a problem. At the moment you can't get any nefarious
characters into the system due to validchars, and indeed people *do* set up
their own aliases table using chains of pipes. We don't want to throw the
baby out with the bathwater and disable administrator-specified pipes... so
we can't just quote everything blindly.

Before we add | to validchars, we need to double check that all paths
between the incoming address and the popen() call are vetted through the
aliases table and are explicitly allowed if they contain anything
interesting. In particular, I'm thinking that we might need extra checks for
the domain catch alls.

Aaron
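
One way to shell-escape only the untrusted part of a command line bound for popen(), as an added example that is not part of the original message and is not DBMail's code. The function names are hypothetical, and it assumes the envelope address is appended as an argument to the administrator's pipe command, which is left verbatim so chained pipes keep working.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Quote s as one /bin/sh word: wrap it in single quotes and write each
 * embedded ' as '\'' . Inside single quotes the shell takes |, !, ;, $
 * and ` literally. Returns a malloc'd string, or NULL on failure. */
char *shell_quote(const char *s)
{
    size_t n = 2;                       /* opening and closing quote */
    for (const char *p = s; *p; p++)
        n += (*p == '\'') ? 4 : 1;
    char *out = malloc(n + 1);
    if (!out) return NULL;
    char *w = out;
    *w++ = '\'';
    for (const char *p = s; *p; p++) {
        if (*p == '\'') { memcpy(w, "'\\''", 4); w += 4; }
        else *w++ = *p;
    }
    *w++ = '\'';
    *w = '\0';
    return out;
}

/* Hypothetical helper: admin_pipe comes from the aliases table and is
 * trusted, so it is copied unchanged; sender is the untrusted envelope
 * address and is appended as exactly one quoted argument. */
char *build_pipe_command(const char *admin_pipe, const char *sender)
{
    char *q = shell_quote(sender);
    if (!q) return NULL;
    size_t len = strlen(admin_pipe) + strlen(q) + 2;   /* space + NUL */
    char *cmd = malloc(len);
    if (cmd) snprintf(cmd, len, "%s %s", admin_pipe, q);
    free(q);
    return cmd;
}

int main(void)
{
    /* Constructed sample values, not taken from DBMail. */
    char *cmd = build_pipe_command("/usr/local/bin/filter | /usr/local/bin/store",
                                   "a|b'c@example.com");
    if (cmd) puts(cmd);
    free(cmd);
    return 0;
}
```

Quoting covers only the address; whether a given alias or catch-all may reach the pipe at all is still the aliases-table check the message asks for.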