Re: -x on Postfix, and a possible fix.

[Tony Shadwick]

On 06/08/2010 02:21 PM, Don Armstrong wrote:
> On Tue, 08 Jun 2010, Tony Shadwick wrote:
>  > Although I must acknowledge this as a problem, this is somewhat the
>  > fault of a negligent systems administrator.
>
> It's primarily the fault of the coder for calling out to the shell
> instead of specifying the arguments directly using popenv or similar.
>
>  > So far as fixing -x...I just don't know. Maybe some sanity checking
>  > to make sure that there are no pipe symbols in the address being
>  > passed through?
>
> -x has *already* been fixed in versions that are distributed by Debian
> and Fedora, and presumably Ubuntu, Redhat and others.
>
>
> Don Armstrong
>
> --
> [The] JK-88 [coffee] percolator is capable of acheiving the ultimate
> balance of aroma and density, aftertaste and emollience, pentosans and
> tannins. The next step is to reduce the cost of the HPLC-E technology
> to the point where it can be manufactured for less than the cost of a
> Boeing 757.
> -- Charles Stross "Extracts from the Club Diary" in _Toast_ p83-4
>
> http://www.donarmstrong.com http://rzlab.ucr.edu
>
> _______________________________________________
> Spamass-milt-list mailing list
> address@hidden
> http://lists.nongnu.org/mailman/listinfo/spamass-milt-list

I'm puzzled then - I think I need to go dig up the sources precisely 
being used there.  I'm working from 0.3.1, and it looked as though 
sendmail, albeit with a hard-coded path, was being called from the 
command line still, and the vulnerability was still present.  If so, 
then no wonder.

Sorry Don, I'm not trying to be combative, was a bit frustrated earlier. 
 Seems that I may have a fundamental misunderstanding as to the cause 
for concern.

Tony Shadwick