Re: Secure popen

From: Glynn Clements (glynn.clementsat_private)
Date: Thu Jun 21 2001 - 04:40:46 PDT

Next message: Nick Brawn: "Re: Secure popen"

Previous message: John Viega: "Re: Secure popen"
In reply to: Rodrigo Barbosa: "Re: Secure popen"
Next in thread: KuroiNeko: "Re: Secure popen"
Next in thread: Adrian Ho: "Re: Secure popen"
Next in thread: Kai Schulte: "Re: Secure popen"
Reply: KuroiNeko: "Re: Secure popen"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Rodrigo Barbosa wrote:

> > > Why you must run sendmail ? Why don't you simply create a SMTP connection
> > > to your daemon, and send your e-mail just like any good manared e-mail
> > > program should do ?
> > 
> > Because invoking /usr/lib/sendmail is the standard mechanism for
> > sending mail on a Unix system. You should not assume that an SMTP
> > server is available, or even that the system supports TCP/IP.
> 
> I don't agree with this. The SMTP server is avaliable (even if it's not
> localy), once Sendmail is being used (I bet they are not using UUCP).

You can't automatically assume that there is an SMTP server available
which functions as an MSA (message submission agent). In order for the
mechanism which you propose ("Netscape" style mail sending) to work,
you need access to an MSA, i.e. an SMTP server which accepts messages
addressed to *any* destination.

Now, the typical office may have an MSA, but the web server could be
in an environment (e.g a colocation facility) where there isn't an MSA
available, and it might not be desired to run one on the web server
itself.

> And second, it's a CGI. CGI runs over a Web server. Web servers used the
> HTTP protocol. The HTTP protocol is implemented over TCP/IP.

Fair point.

> And, anyway, involking sendmail may be the standard, if by that you mean
> "the most common". It's not the only MTA avalible. I myself don't use it.

Note that /usr/lib/sendmail (or /usr/sbin/sendmail; a number of
pre-compiled Linux binaries seem to assume this) doesn't have to be
"Sendmail". It just has to be a program which accepts an email on
stdin and does the work involved in delivering it.

It does, however, have to exist, otherwise a number of programs (e.g. 
mailx, crond) won't function correctly. Run "strings" on any program
which sends notification messages by email; you'll probably find a
reference to /usr/{lib,sbin}/sendmail in the output.

> And escaping shell commands it's not that simple.

Sorry, I omitted the actual footnote:

  [1] Delimit each argument with single quotes, and replace any
  embedded single quotes with quote-backslash-quote-quote.

It's not trivial (i.e. you can't do it with printf, and you can't do
it "in place", as the resulting string may be larger than the input). 

But it is simple. And reliable; all text within single quotes is
guaranteed to be left untouched by /bin/sh.

-- 
Glynn Clements <glynn.clementsat_private>

Next message: Nick Brawn: "Re: Secure popen"
Previous message: John Viega: "Re: Secure popen"
In reply to: Rodrigo Barbosa: "Re: Secure popen"
Next in thread: KuroiNeko: "Re: Secure popen"
Next in thread: Adrian Ho: "Re: Secure popen"
Next in thread: Kai Schulte: "Re: Secure popen"
Reply: KuroiNeko: "Re: Secure popen"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jun 21 2001 - 08:38:10 PDT