On 29/07/05 16:14 -0400, Jason wrote:
> The simple answer is because this mail would have never reached us and
> likely will not reach many already.
>
> > CAT /ETC/PASSWD is also a perfectly valid Unix command on some systems
> > in all caps.
>
> Do you think that this mail can be processed and confidently assured to
> be safe?
>
Ignoring the top posting habit,
Yes. Mail bodies traditionally are not run through eval(), but pattern
matched. Stuff sent to scripts through mail is a different beast, and in
general, that code is well written. I have never seen any situation where a
mail body contained a script which would be run automatically on a Unix
system.

Plus, you can just use a current scanner like amavisd-new to only allow
valid commands to be sent to the script (per recipient specifications).

Devdas Bhagat
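As an added illustration of the pattern-matching approach Devdas describes (example code written for this archive page, not from the thread, from amavisd-new, or from any real list manager; the recipient address, list names, command grammar and handlers are all assumptions), here is a mail-to-script front end that matches each body line against a per-recipient allowlist and hands accepted commands to Python functions. Nothing from the body is ever passed to a shell, so a line like "CAT /ETC/PASSWD" is simply rejected rather than interpreted:

```python
import re

# Per-recipient allowlist of commands the mail-driven script will honour.
# Constructed for this example; a real list manager defines its own grammar.
ALLOWED_COMMANDS = {
    "listserv@example.org": {
        "subscribe":   re.compile(r"^subscribe\s+([a-z0-9][a-z0-9-]{0,63})$", re.I),
        "unsubscribe": re.compile(r"^unsubscribe\s+([a-z0-9][a-z0-9-]{0,63})$", re.I),
        "help":        re.compile(r"^help$", re.I),
    },
}

# Handlers are ordinary Python callables keyed by command name (assumed;
# a real system would update a subscriber database, send help text, etc.).
HANDLERS = {
    "subscribe":   lambda lst: "subscribed to %s" % lst,
    "unsubscribe": lambda lst: "unsubscribed from %s" % lst,
    "help":        lambda _: "help text sent",
}


def parse_commands(recipient, body):
    """Split a mail body into (accepted, rejected).

    accepted: list of (command, argument) tuples, argument is None when the
              command takes none
    rejected: list of non-blank body lines that matched nothing in the
              recipient's allowlist (an unknown recipient rejects everything)

    Lines are matched against anchored regular expressions; no line is ever
    evaluated or passed to a shell, which is the whole point of the design.
    """
    policy = ALLOWED_COMMANDS.get(recipient.lower(), {})
    accepted, rejected = [], []
    for raw in body.splitlines():
        if raw.rstrip() == "--":        # "-- " signature separator: stop here
            break
        line = raw.strip()
        if not line or line.startswith(">"):   # skip blank and quoted lines
            continue
        for name, pattern in policy.items():
            m = pattern.match(line)
            if m:
                accepted.append((name, m.group(1) if m.groups() else None))
                break
        else:
            rejected.append(line)
    return accepted, rejected


def dispatch(recipient, body, handlers=HANDLERS):
    """Run every accepted command through its handler; return (results, rejected)."""
    accepted, rejected = parse_commands(recipient, body)
    results = [handlers[name](arg) for name, arg in accepted]
    return results, rejected


# Constructed sample body mixing chatter, a valid command in mixed case,
# a quoted line, the line from the thread, and text below a signature.
SAMPLE_BODY = """\
Hi,

subscribe focus-ids
CAT /ETC/PASSWD
> previously: unsubscribe focus-ids
UNSUBSCRIBE focus-ids
help
-- 
sig line that is never parsed
"""

if __name__ == "__main__":
    results, rejected = dispatch("listserv@example.org", SAMPLE_BODY)
    for r in results:
        print("done:", r)
    for line in rejected:
        print("rejected:", line)
```

Running it accepts the subscribe, unsubscribe and help lines (command verbs are matched case-insensitively, so the upper-case UNSUBSCRIBE is fine) and rejects "Hi," and "CAT /ETC/PASSWD", the latter because "cat" is not an allowed verb, not because of its case. Sending the same body to a recipient without a policy rejects every line, which is the safe default.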
