Sam,
would you please spend a few words on security design
in Courier? I mean a who-should-care-about-what overview.
Sam Varshavchik writes:
You can implement this using an intelligent .courier-default file (all
on one line):
|| x=`echo "$DEFAULT" | [...snip...]
Haven't also looked at this closely,
but it should be safe from envelope-based attacks[...]
Would you please be more explicit on that? I've noticed
the destination mailbox is not being fully sanitized before
being passed to scripts: special characters apparently pass
and I can get something like
Delivered-To: `cat/etc/passwd|sendmail ale`@tana.it
I never got passwd even if the string was used in a
shell script, but I don't know if it's just me not
being a good hacker or if it's the system being robust.
Another similar point. When I use the escape() function
in mailfilters then I should not put the result in
double quotes, or some backslash will survive. I guess
mailfilter deserves singleescape() and doubleescape()
functions, which are not easy to do with full portability.
However, there's quite no hype in the docs about escaping
and it is not clear if/which security steps will have been
taken already when data is passed to the scripts.
TIA
Ale
8 messages in net.sourceforge.lists.courier-users[courier-users] Script security (was:...
