procmail
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Triggering activities through email

1997-06-19 06:08:00
from [Stephane Bortzmeyer] [Permanent Link] 
On Thursday 19 June 97, at 12 h 56, the keyboard of 
kle(_at_)uni-paderborn(_dot_)de 
wrote:


* ^Subject:.*\<send weather\>
| ( formail -r -A 'X-Loop: your(_at_)host(_dot_)domain' ; 
$HOME/bin/daily_weather ) \ 
      | $SENDMAIL -oi -t


formail -rt and not just -r or you fall in a very painful formail bug (it 
replies to Sender before using From, thus violating RFC822, and screwing 
MH users).


:0 h
* ! ^X-Loop: your(_at_)host(_dot_)domain
* ^Subject:.*whois \/[0-9.]+
| ( formail -r -A 'X-Loop: your(_at_)host(_dot_)domain' ; /pathToWhois/whois 
$MATCH ) \
      | $SENDMAIL -oi -t


OK for this one, I just would like the original sender to understand that 
executing a command with a parameter from the outside can be *dangerous*. 
For instance:

# WRONG. DO NOT USE IT!!!
:0 h
* ! ^X-Loop: your(_at_)host(_dot_)domain
* ^Subject:.*whois \/.+
| ( formail -r -A 'X-Loop: your(_at_)host(_dot_)domain' ; /pathToWhois/whois 
$MATCH 
) \
        | $SENDMAIL -oi -t

This would be terrible when receiving:

Subject: whois foobar ; rm -rf /
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Triggering activities through email, kle
Next by Date:  Re: Triggering activities through email, David W. Tamkin
Previous by Thread:  Re: Triggering activities through email, kle
Next by Thread:  Re: Triggering activities through email, David W. Tamkin
Indexes:  [Date] [Thread] [Top] [All Lists]