[Top] [All Lists]

Re: [ietf-822] inventive syntax, at least

2014-11-15 05:21:13
On Saturday, November 15, 2014 5:18:02 AM CEST, John Levine wrote:
I would think that sendmail and postfix .forward files would have the
same problem.

Postfix doesn't write GIGO crap to environment variables. Qmail's general philosophy is to not parse and thereby shrink its own attack surface, Postfix' is to parse and think about the result.

Postfix will write e.g. the recipient localpart to the environment, so if your login name were (){etc I suppose Postfix would be vulnerable in your case.

No idea about sendmail, I haven't used that since the days of 5.65.


ietf-822 mailing list

<Prev in Thread] Current Thread [Next in Thread>