Thinking more about this, wouldn't invoking /bin/bash actually increase the attack potential, by allowing for backticks and $() to execute via user-supplied data?
Also, it's not clear to me that ${quote} escapes backticks or $(). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2056372 Title: Enabling SPF checks with CHECK_RCPT_SPF doesn't work To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/exim4/+bug/2056372/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs