On Saturday, November 15, 2014 5:18:02 AM CEST, John Levine wrote:
I would think that sendmail and postfix .forward files would have the
same problem.
Postfix doesn't write GIGO crap to environment variables. Qmail's general
philosophy is to not parse and thereby shrink its own attack surface,
Postfix' is to parse and think about the result.
Postfix will write e.g. the recipient localpart to the environment, so if
your login name were (){etc I suppose Postfix would be vulnerable in your
case.
No idea about sendmail, I haven't used that since the days of 5.65.
Arnt
_______________________________________________
ietf-822 mailing list
ietf-822(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-822