procmail
[Top] [All Lists]

Re: safely passing email to the shell

1999-03-30 06:25:33
On 30 March 1999, era eriksson <era(_at_)iki(_dot_)fi> wrote:
On Tue, 30 Mar 1999 15:12:22 +0300, Liviu Daia 
<Liviu(_dot_)Daia(_at_)imar(_dot_)ro>
wrote:
 > On 30 March 1999, era eriksson <era(_at_)iki(_dot_)fi> wrote:
 >> system ("/home/mshaw/bin/pager", "-number", $number, "-text", $text);
 >> The reason I think this is marginally relevant to the Procmail list is
 >> that the whole SHELLMETAS issue is basically an instance of the same
 >> phenomenon and that I wanted to point out that this is something the
 >> generic you should probably understand about Unix.
 >     Quoting from the Unix programming FAQ:
 > : The recipients of a message can simply be specified on the command
 > : line.  This has the drawback that mail addresses can contain
 > : characters that give `system()' and `popen()' considerable grief,
 > : such as single quotes, quoted strings etc. Passing these constructs
 > : successfully through shell interpretation presents pitfalls.

Is this intended as a correction, or a pointer to more information?
Perl, like Procmail, doesn't invoke a shell unless the command line to
execute includes shell metacharacters.

    Pointer to more information.

    Regards,

    Liviu Daia

-- 
Dr. Liviu Daia               e-mail:   daia(_at_)stoilow(_dot_)imar(_dot_)ro
Institute of Mathematics     web page: http://www.imar.ro/~daia
of the Romanian Academy      PGP key:  http://www.imar.ro/~daia/daia.asc

<Prev in Thread] Current Thread [Next in Thread>