On Jan 19, 2006, at 00:02, David Nicol wrote:

    my ($untainted, $params) = $binary =~ /^(\S+)\s*(.*)$/;

    open(CPW,"|$untainted $params 3<&0");

What exactly is our security policy wrt trusting our configuration files?
This seems like a case where the best would be to have the plugin
look for checkpassword in /var/qmail/bin (for historic reasons) and
document which source file to touch if yours is elsewhere.

checkpassword is "supposed" to live in /bin, see http://cr.yp.to/checkpwd/install.html

We could build a true if we can't find true with `which true`
     my $true = 'sh -c exit'

true :)

-Johan
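
The quoted snippet "untaints" with `\S+`, which accepts any non-space string, and then interpolates both values into a shell pipeline. The following is an added example, not code from this thread or from the plugin under discussion: one way to vet the configured path and feed checkpassword on descriptor 3 with no shell involved. The names `vet_binary` and `run_checkpassword`, the root-ownership policy and the sample arguments are assumptions.

```perl
use strict;
use warnings;
use Fcntl qw(F_SETFD);
use POSIX ();

# Assumed policy (hypothetical, not stated in the thread): the configured
# path must be absolute, root-owned, and not group/world writable.
sub vet_binary {
    my ($path) = @_;
    my ($clean) = $path =~ m{^(/(?:[\w.+-]+/)*[\w.+-]+)$}
        or die "checkpassword path must be a plain absolute path\n";
    my @st = stat($clean) or die "cannot stat $clean: $!\n";
    die "$clean is not an executable regular file\n" unless -f _ && -x _;
    die "$clean is not owned by root\n" unless $st[4] == 0;
    die "$clean is group/world writable\n" if $st[2] & 022;
    return $clean;
}

# Hand the credentials to checkpassword on descriptor 3 without a shell.
# $next_prog is the argv of the program checkpassword runs on success.
sub run_checkpassword {
    my ($binary, $next_prog, $user, $pass) = @_;
    $binary = vet_binary($binary);
    pipe(my $rd, my $wr) or die "pipe: $!\n";
    defined(my $pid = fork()) or die "fork: $!\n";
    if ($pid == 0) {
        close $wr;
        if (fileno($rd) == 3) {
            # Already on fd 3: just clear close-on-exec so it survives exec.
            fcntl($rd, F_SETFD, 0) or POSIX::_exit(111);
        } else {
            defined(POSIX::dup2(fileno($rd), 3)) or POSIX::_exit(111);
        }
        # Indirect-object form: argv is passed as a list, /bin/sh never runs.
        exec { $binary } $binary, @$next_prog or POSIX::_exit(111);
    }
    close $rd;
    local $SIG{PIPE} = 'IGNORE';
    # checkpassword reads "login\0password\0timestamp\0" from descriptor 3.
    print {$wr} join("\0", $user, $pass, time()), "\0";
    close $wr;
    waitpid($pid, 0);
    return $? == 0;    # checkpassword (then $next_prog) exited 0
}

# Example call with constructed values:
# run_checkpassword('/bin/checkpassword', ['/bin/true'], 'alice', 'secret');
```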
