----- Original Message -----
From: "Aaron Bentley" <abentleyat_private>
To: <secprogat_private>
Sent: Tuesday, June 19, 2001 7:03 AM
Subject: Secure popen

> I'm writing a CGI program in C++ that sends email. I'm using Sendmail
> for the transmission, so I need a command that lets me specify stdin for
> Sendmail.
> I understand popen() is not very secure, because it uses the shell to
> execute the command, but I don't know of a safe alternative. I can
> sanitize my input, but is escaping all non-alphanumeric characters the
> right answer?
>
> The program is not privileged, but I don't want people to be able to
> gain privileges as 'nobody' on the web server.
>
> Any suggestions for this?
>
> Aaron
>
> --
> Aaron Bentley
> Manager of Information Technology
> PanoMetrics, Inc.
>

why not use the system("/bin/mail blah blah"); ?

Jeremy
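Added example, not part of the original thread: popen() and system() both hand the command string to /bin/sh, whereas pipe() + fork() + execve() pass the argument vector to the program untouched, so no escaping question arises. The function names, the `/usr/sbin/sendmail` path, the `-t -i` invocation and the sample address are assumptions made for illustration.

```cpp
// Added example (not from the thread): pipe + fork + execve, no shell involved.
#include <cerrno>
#include <csignal>
#include <string>
#include <sys/wait.h>
#include <unistd.h>
// Runs argv[0] (absolute path) with `input` on stdin. Returns the child's
// exit status, 127 if exec failed, -1 on other errors.
int run_with_stdin(char *const argv[], const std::string &input) {
    int fds[2];
    if (pipe(fds) == -1) return -1;
    pid_t pid = fork();
    if (pid == -1) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                               // child
        close(fds[1]);
        if (dup2(fds[0], STDIN_FILENO) == -1) _exit(127);
        close(fds[0]);
        char *const envp[] = {(char *)"PATH=/usr/bin:/bin", nullptr};
        execve(argv[0], argv, envp);              // argv passed verbatim, fixed env
        _exit(127);                               // reached only if exec failed
    }
    close(fds[0]);
    signal(SIGPIPE, SIG_IGN);   // an early-exiting child must not kill the CGI
    const char *p = input.data(); size_t left = input.size();
    bool wrote_all = true;
    while (left > 0) {
        ssize_t n = write(fds[1], p, left);
        if (n == -1 && errno == EINTR) continue;
        if (n == -1) { wrote_all = false; break; }
        p += n; left -= static_cast<size_t>(n);
    }
    close(fds[1]);                                // child sees EOF
    int status = 0;
    while (waitpid(pid, &status, 0) == -1)
        if (errno != EINTR) return -1;
    if (!WIFEXITED(status)) return -1;
    int rc = WEXITSTATUS(status);
    return (rc == 0 && !wrote_all) ? -1 : rc;
}

// Hypothetical helper; the sendmail path is an assumption. "-t" takes recipients
// from the headers, so a CR or LF in `to` could add headers: refuse it (-2).
int send_mail(const std::string &to, const std::string &body) {
    if (to.find_first_of("\r\n") != std::string::npos) return -2;
    char *const argv[] = {(char *)"/usr/sbin/sendmail", (char *)"-t", (char *)"-i", nullptr};
    return run_with_stdin(argv, "To: " + to + "\nSubject: form mail\n\n" + body);
}

int main() { return send_mail("recipient@example.invalid", "Hello\n") == 0 ? 0 : 1; }
```

The message body travels over the pipe and never appears on a command line, so shell metacharacters in user input have no special meaning anywhere in this path.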
This archive was generated by hypermail 2b30 : Tue Jun 19 2001 - 16:56:20 PDT