Re: Secure popen

From: Glynn Clements (glynn.clementsat_private)
Date: Wed Jun 20 2001 - 05:18:08 PDT

  • Next message: Glynn Clements: "Re: Secure popen"

    Rodrigo Barbosa wrote:
    
    > > I'm writing a CGI program in C++ that sends email.  I'm using Sendmail
    > > for the transmission, so I need a command that lets me specify stdin for
    > > Sendmail.
    > (cut)
    > > Any suggestions for this ?
    > 
    > I have one.
    > DON'T DO THIS !
    > Why you must run sendmail ? Why don't you simply create a SMTP connection
    > to your daemon, and send your e-mail just like any good manared e-mail
    > program should do ?
    
    Because invoking /usr/lib/sendmail is the standard mechanism for
    sending mail on a Unix system. You should not assume that an SMTP
    server is available, or even that the system supports TCP/IP.
    
    > There is no way to use popen in a sane way, AFAIK. 
    
    It's not that hard to escape shell commands correctly[1], although I
    would choose the solution which most of the replies suggested:
    pipe/fork/dup/exec.
    
    -- 
    Glynn Clements <glynn.clementsat_private>
    



    This archive was generated by hypermail 2b30 : Wed Jun 20 2001 - 17:41:09 PDT