Wang-hua Li, It's possible to do this. However, I agree that this could pose a security risk(some old sendmail exploits relied on the mailer to execute commands). If someone found an exploit in this program OR one of the programs it executes, they could execute an arbitrary code as that user(i.e. sending a REALLY long message could overflow a buffer). If the commands are or need to be run as root, this could mean root access. If you must execute commands remotely, use SSH, or for a web interface, CGI under HTTPS(with authentication!). This provides password protection and encryption. This would also protect the data returned to the user. Hope this helps. Regards, Charles Werbick The Wirehouse [EMAIL PROTECTED] writes: > Hi there, > > I undertand that this is not really a qmail question but am > still wondering if someone here could give me some suggestioins. > > I was asked to do some research on "running instructions contained > in a mail body", that is, users send their requests by mails and > the server parse the messages and then run the instructions > assigned by the requesters in the message body and perhpas if any output, send > the result back by mail to the requesters. It works just like > a mailing list but of course, the commannds I am talking about are not > 'subscribe', 'unsubcribe'..., etc. I, personally, don't like > this idea. Firstly I feel that there might be security problems > though I can't exactly point them out now, and also, I think > the same function could be done easier and perhaps > more secure in the form of Web page (w/CGI running). I wonder > if anyone out there really have done something like this ? or > could someone give some reasons why this is not a good idea, so I > could convince my boss ? > > > Thanks in advance, > > ----------- > Wang-hua Li >
