This is fully yours and who am i but "Christos Zoulas" <chris...@netbsd.org> wrote: |Module Name: src |Committed By: christos |Date: Tue Dec 16 19:30:24 UTC 2014 | |Modified Files: | src/usr.bin/mail: cmd3.c extern.h fio.c mail.1 names.c send.c | |Log Message: |Fix various security related issues: | | 0001. Do not recognize paths, mail folders, and pipes in mail addresses | by default. That avoids a direct command injection with syntactically | valid email addresses starting with |. | | Such addresses can be specified both on the command line, the mail | headers (with -t) or in address lines copied over from previous | while replying.
|Added expandaddr option to explicitly enable this behavior. why does a Christos Zoulas silently wave through this sloppy programmed shit from oss-sec that simply returns from outof() instead of giving any indication on what is going on? Unbelievable. --steffen