Marc wrote: > So you don't control the scripts that run on the machine? > Well, you're pretty screwed, then -- with the env patch, they > could just change the environment before calling sendmail, if > they want to.
Yes - no control in the sense that I don't have anywhere near the time to audit every script uploaded to a shared web server. However, they cannot modify the environment variables that Apache puts in place if I'm not mistaken, which is why I only rely on those environment variables, and nothing else. So far, I've had a perfect success rate - my only issue is with PHP since I can only track the domain by injecting it to the php config as shown in the originally quoted email back many days ago. > Unless someone knows how to use setenv(3) in their calling code. :) I'm too lazy to be sure, but I would think that the CGI specified environment variables shouldn't be deletable/changeable... But again, haven't put much thought in to it. > Um, please provide a signed consulting contract? I think > I've given you plenty to go on. You've described your ideas better now yes - no examples required any more :) Eli. -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
