Sunday, 15 February 2015

Perl - sendmail & code injection


I am sending content through 'sendmail' that includes user-supplied data. The call is made using Perl, e.g.

    open(MAIL, "| /usr/sbin/sendmail -fsomeone\@somewhere.com -t ");
    print MAIL "the user content...";
    close(MAIL);

Are there any risks here, e.g. if the user formats the info in a way that injects code?

The Perl script isn't at risk through this (I'm assuming "the user content" stands for, say, the contents of a variable). Whoever gets the mail is at the mercy of whatever "the user content..." might be.

To make sure nothing bad happens, we'd need to see much more of the script. Read (and make sure you understand) David Wheeler's "Secure Programming for Linux and Unix HOWTO", and about secure Perl programming (perhaps the CERT standard as a starting point).

perl security sendmail code-injection
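
An added example, not part of the original question or answer: with -t, sendmail takes the recipients from the To:, Cc: and Bcc: header lines of the message it is piped, so this sketch keeps user-supplied text out of the header section and refuses line breaks in header values. The helper names, the example.org addresses, the -i flag and the SEND_MAIL switch are assumptions of this example.

```perl
use strict;
use warnings;

my $SENDMAIL = '/usr/sbin/sendmail';    # path taken from the question

# Reject CR/LF in anything destined for a header: with -t, recipients come
# from To:/Cc:/Bcc: lines, so a smuggled line break could add a header.
sub header_value {
    my ($name, $value) = @_;
    die "$name: line break in header value\n" if $value =~ /[\r\n]/;
    return $value;
}

# Build the headers, one blank line, then the user content as body only.
sub build_message {
    my (%m) = @_;
    my $head = '';
    for my $h (['To', $m{to}], ['Subject', $m{subject}]) {
        $head .= "$h->[0]: " . header_value(@$h) . "\n";
    }
    (my $body = $m{body}) =~ s/\r\n?/\n/g;    # normalise line endings
    return $head . "\n" . $body . "\n";
}

# List-form pipe open: no shell parses the command line.
# -i stops a lone "." line in the body from ending the message early.
sub send_message {
    my ($sender, $text) = @_;
    open(my $mail, '|-', $SENDMAIL, '-i', "-f$sender", '-t')
        or die "cannot run $SENDMAIL: $!\n";
    print {$mail} $text;
    close($mail) or die "sendmail exited with status $?\n";
}

# Constructed sample input; nothing is sent unless SEND_MAIL=1 is set.
my $user_content = "hello\n.\nBcc: extra\@example.org\n";
my $msg = build_message(to => 'admin@example.org',
                        subject => 'Feedback', body => $user_content);
print $msg;    # the "Bcc:" line sits after the blank line, so it is body text
send_message('someone@somewhere.com', $msg) if $ENV{SEND_MAIL};

# A subject carrying a line break is refused rather than mailed.
my $ok = eval { build_message(to => 'admin@example.org',
                              subject => "Hi\nBcc: extra\@example.org",
                              body => 'x'); 1 };
print "rejected: $@" unless $ok;
```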
