Hi Stas,

On Wed, Jan 18, 2017 at 1:26 AM, Stanislav Malyshev <smalys...@gmail.com> wrote:

>
> > I cannot research all kinds of sendmail binaries. If there are exotic
> > sendmail binaries,
> > I would like to know the reference for them. Thank you.
>
> I don't think it is a good idea to specialize for specific binaries.

This is what I thought, too.

"sendmail" binary should be compatible with "sendmail", but there may be
binaries that aren't compatible with sendmail style options.

Stricter validation provides better security while there is compatibility
risk. We cannot specify the sendmail binary nor the shell, i.e. we cannot make
sure how it works, and there is a chance of security and compatibility risk.

I prefer stricter validation for better security. However, it could be
somewhere between.

- Allow only alphanumeric + '-' + '_' + '/' (Only under Windows) for option names

What do you think?
If anyone knows more chars that should be allowed, please comment.
e.g. XYZ sendmail requires "sendmail -f='sender'" style.

Regards,

--
Yasuo Ohgaki
yohg...@ohgaki.net
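The allowlist proposed in the message above, as an added example that is not part of the original e-mail or of the PHP source: it checks option names only (option values are outside what the message specifies) and shows that the `-f='sender'` style mentioned at the end is rejected at the `=`. The function names and the sample option names are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* ASCII-only test, independent of the process locale. */
static int is_ascii_alnum(char c)
{
    return (c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') ||
           (c >= 'a' && c <= 'z');
}

/* Returns -1 if every character of `name` is on the proposed allowlist
 * (alphanumeric, '-', '_', plus '/' when on_windows is non-zero).
 * Otherwise returns the index of the first rejected character; an empty
 * name is rejected at index 0. */
int first_disallowed_index(const char *name, int on_windows)
{
    size_t i;
    if (name == NULL || name[0] == '\0')
        return 0;
    for (i = 0; name[i] != '\0'; i++) {
        char c = name[i];
        if (is_ascii_alnum(c) || c == '-' || c == '_')
            continue;
        if (c == '/' && on_windows)
            continue;
        return (int)i;
    }
    return -1;
}

/* Returns the index of the first rejected name in names[0..count-1], or -1. */
int first_rejected_name(const char *const *names, size_t count, int on_windows)
{
    size_t i;
    for (i = 0; i < count; i++)
        if (first_disallowed_index(names[i], on_windows) != -1)
            return (int)i;
    return -1;
}

int main(void)
{
    /* Constructed sample option names, not taken from any real configuration. */
    const char *const sample[] = { "-f", "-oi", "/t", "-f='sender'" };
    size_t i;
    for (i = 0; i < sizeof sample / sizeof sample[0]; i++)
        printf("%-14s unix=%d windows=%d\n", sample[i],
               first_disallowed_index(sample[i], 0),
               first_disallowed_index(sample[i], 1));
    return 0;
}
```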