Hi all,

On 21.02.21 15:46, Laurent Combe wrote:
> near 3 years I report this issue
> I joined a patch
> and after all that time nothing, not even a "confirmed" tag.
> 
> very disappointing. What can I do to help this issue be accepted more quickly?

I can't speak for Javier, but in the meantime, I myself have mostly
given up on cron, in the sense that I consider systemd timers a superior
solution.

I think we can integrate this patch still in time for bullseye, it's
small enough.

However, it is missing a crucial feature: the validation of the contents
of MAILFROM, just as MAILTO is validated. This is a security issue, as
the contents of this variable are passed to /usr/bin/sendmail, and it
shouldn't contain, e.g., options to modify the latter's working.

The cronie code has a safe_p function to validate this; it is more
sophisticated than our own function. I'll import that.

Best,
Christian
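
The kind of check described above, as an added example that is not part of the original message and is neither cronie's safe_p nor Debian cron's own function: an allowlist validator for a MAILFROM/MAILTO value before it is handed to /usr/bin/sendmail. The names `mail_addr_is_safe` and `MAIL_ADDR_MAX`, the length bound and the punctuation allowlist are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAIL_ADDR_MAX 254 /* assumed upper bound on the value's length */

/*
 * Hypothetical helper (not cron's or cronie's code). A value passes only if
 * every byte is an ASCII letter or digit, or one of a few address
 * punctuation characters that is not in first position. Because no
 * punctuation is allowed first, the value can never start with '-', so
 * sendmail cannot parse it as a command-line option.
 */
static bool mail_addr_is_safe(const char *s)
{
    static const char allowed_punct[] = "@.-_+"; /* assumed allowlist */
    size_t i;

    if (s == NULL || s[0] == '\0')
        return false;

    for (i = 0; s[i] != '\0'; i++) {
        unsigned char ch = (unsigned char)s[i];

        if (i >= MAIL_ADDR_MAX)
            return false;               /* too long */
        if (ch < 0x80 && isalnum(ch))
            continue;                   /* ASCII letter or digit */
        if (i > 0 && strchr(allowed_punct, ch) != NULL)
            continue;                   /* punctuation, not first */
        return false;                   /* space, control, quote, ... */
    }
    return true;
}

int main(void)
{
    /* Constructed sample values, not taken from the bug report. */
    const char *samples[] = { "cron@example.org", "-Xvalue", "a b@example.org" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-20s %s\n", samples[i],
               mail_addr_is_safe(samples[i]) ? "accept" : "reject");
    return 0;
}
```

A caller would run this on the variable's value when the crontab is parsed and fall back to the default sender, with a log entry, when it returns false.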
