Russ Allbery writes:
> >>> #!/bin/sh
> >>> exec qmail-local "$USER" "$HOME" "$LOCAL" "" "nodeliver" "$HOST"
> >>> "$SENDER" "$1"
> windlord:~> cat > .qmailnodeliver
Feh.
exec qmail-local "$USER" "$HOME" "$LOCAL" "" "../../../../../../../../../../../
../../../../../../../../../../../../../../../../../../../bwahahaha" "$HOST" "$SENDER"
"$1"
Talk your way out of this one, fido.
> Never! :) I did just look at the man page the first time, though. It
> works if you can safely assume that there won't be that particular .qmailX
> file, though, which may make it Good Enough.
Sure, I wasn't expecting hostile users; if someone tries hard enough
to break their email delivery, I'm *quite* sure they can succeed.
--
-russ nelson <[EMAIL PROTECTED]> http://crynwr.com/~nelson
Crynwr supports Open Source(tm) Software| PGPok | There is good evidence
521 Pleasant Valley Rd. | +1 315 268 1925 voice | that freedom is the
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | cause of world peace.
