On Mon, Jun 26, 2000 at 03:35:08PM +0800, [EMAIL PROTECTED] wrote: > I was asked to do some research on "running instructions contained > in a mail body", that is, users send their requests by mails and > the server parse the messages and then run the instructions > assigned by the requesters in the message body and perhpas if any output, send > the result back by mail to the requesters. It works just like You certainly can't let it run arbitrary commands. But for a limited command set it is fine. What else, for example, is procmail? We do this all the time. Someone correct me, but I figure the security issues associated with it are the same as allowing login shells. In a typical example on our system, an email address like foo-order@ might take mail with *ML markup and parse it into an order. That's just one example. Anything nasty that a login user could do can be done by programs run from their .qmail file. OTOH, I'm pretty confident in qmail's security model that it cannot do **more**. -- Christopher F. Miller, Publisher [EMAIL PROTECTED] MaineStreet Communications, Inc 208 Portland Road, Gray, ME 04039 1.207.657.5078 http://www.maine.com/ Database publishing, e-commerce, office/internet integration, Debian linux.
