Russ Allbery <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Robin Bowes <[EMAIL PROTECTED]> writes:
>
> > 3. In .qmail-default, used the following command:
>
> >  | qmail-remote ms-mail.eoc.org.uk $SENDER $EXT@$HOST
>
> Never, ever pass potentially untrusted shell variables to the shell
> without quoting.  It's a security hole waiting to happen, even if it's
> safe in one particular instance.  Better to get into the habit:
>
>         | qmail-remote ms-mail.eoc.org.uk "$SENDER" "$EXT@$HOST"

Thanks for the tip.  Noted and actioned!

R.

Reply via email to