Re: [Nmh-workers] proposed patch for shell metacharacter failure in nmh-

nmh-workers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Nmh-workers] proposed patch for shell metacharacter failure in nmh-

From:	Paul Vixie
Subject:	Re: [Nmh-workers] proposed patch for shell metacharacter failure in nmh-1.7
Date:	Mon, 15 Jan 2018 14:34:01 -0800
User-agent:	Postbox 5.0.22 (Windows/20171208)

i do not think that we can ask for the shell's help with metacharacterexpansion, because even on unix, the syntax it understands may not bewhat the user expects.

because i call sendmail from popen() in cron, i had this problem withMAILTO= values. i first decided to accept only @, %, ::, and %. but thenpeople with strange login shells or strange non-posix /bin/shimplementations reported trouble. now i allow isalnum() only, and ifthey want something else, they can put it in /etc/aliases or whatever.

for MH we should allow only metacharacters we handle explicitly, and weshould use strsep() rather than /bin/sh to make our argument vectors,and we should call execve() rather than popen().


in other words, the reason this is hard to do, is that it's a bad idea.

vixie

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Nmh-workers] proposed patch for shell metacharacter failure in nmh-1.7, (continued)

Prev by Date: Re: [Nmh-workers] proposed patch for shell metacharacter failure in nmh-1.7
Next by Date: Re: [Nmh-workers] rcvdist with non-default port
Previous by thread: Re: [Nmh-workers] proposed patch for shell metacharacter failure in nmh-1.7
Next by thread: Re: [Nmh-workers] proposed patch for shell metacharacter failure in nmh-1.7
Index(es):
- Date
- Thread