Use execv() if possible. John On Tue, Jun 19, 2001 at 10:03:56AM -0400, Aaron Bentley wrote: > I'm writing a CGI program in C++ that sends email. I'm using Sendmail > for the transmission, so I need a command that lets me specify stdin for > Sendmail. > I understand popen() is not very secure, because it uses the shell to > execute the command, but I don't know of a safe alternative. I can > sanitize my input, but is escaping all non-alphanumeric characters the > right answer? > > The program is not privileged, but I don't want people to be able to > gain privileges as 'nobody' on the web server. > > Any suggestions for this ? > > Aaron > > -- > Aaron Bentley > Manager of Information Technology > PanoMetrics, Inc. > >
This archive was generated by hypermail 2b30 : Tue Jun 19 2001 - 16:50:46 PDT