Re: Secure popen

From: Glynn Clements (glynn.clementsat_private)
Date: Thu Jun 21 2001 - 04:40:46 PDT

  • Next message: Nick Brawn: "Re: Secure popen"

    Rodrigo Barbosa wrote:
    
    > > > Why you must run sendmail ? Why don't you simply create a SMTP connection
    > > > to your daemon, and send your e-mail just like any good manared e-mail
    > > > program should do ?
    > > 
    > > Because invoking /usr/lib/sendmail is the standard mechanism for
    > > sending mail on a Unix system. You should not assume that an SMTP
    > > server is available, or even that the system supports TCP/IP.
    > 
    > I don't agree with this. The SMTP server is avaliable (even if it's not
    > localy), once Sendmail is being used (I bet they are not using UUCP).
    
    You can't automatically assume that there is an SMTP server available
    which functions as an MSA (message submission agent). In order for the
    mechanism which you propose ("Netscape" style mail sending) to work,
    you need access to an MSA, i.e. an SMTP server which accepts messages
    addressed to *any* destination.
    
    Now, the typical office may have an MSA, but the web server could be
    in an environment (e.g a colocation facility) where there isn't an MSA
    available, and it might not be desired to run one on the web server
    itself.
    
    > And second, it's a CGI. CGI runs over a Web server. Web servers used the
    > HTTP protocol. The HTTP protocol is implemented over TCP/IP.
    
    Fair point.
    
    > And, anyway, involking sendmail may be the standard, if by that you mean
    > "the most common". It's not the only MTA avalible. I myself don't use it.
    
    Note that /usr/lib/sendmail (or /usr/sbin/sendmail; a number of
    pre-compiled Linux binaries seem to assume this) doesn't have to be
    "Sendmail". It just has to be a program which accepts an email on
    stdin and does the work involved in delivering it.
    
    It does, however, have to exist, otherwise a number of programs (e.g. 
    mailx, crond) won't function correctly. Run "strings" on any program
    which sends notification messages by email; you'll probably find a
    reference to /usr/{lib,sbin}/sendmail in the output.
    
    > And escaping shell commands it's not that simple.
    
    Sorry, I omitted the actual footnote:
    
      [1] Delimit each argument with single quotes, and replace any
      embedded single quotes with quote-backslash-quote-quote.
    
    It's not trivial (i.e. you can't do it with printf, and you can't do
    it "in place", as the resulting string may be larger than the input). 
    
    But it is simple. And reliable; all text within single quotes is
    guaranteed to be left untouched by /bin/sh.
    
    -- 
    Glynn Clements <glynn.clementsat_private>
    



    This archive was generated by hypermail 2b30 : Thu Jun 21 2001 - 08:38:10 PDT