> Note that /usr/lib/sendmail (or /usr/sbin/sendmail; a number of > pre-compiled Linux binaries seem to assume this) doesn't have to be > "Sendmail". It just has to be a program which accepts an email on > stdin and does the work involved in delivering it. Indeed. Eg, /bin/mail > It does, however, have to exist, otherwise a number of programs (e.g. > mailx, crond) won't function correctly. Run "strings" on any program > which sends notification messages by email; you'll probably find a > reference to /usr/{lib,sbin}/sendmail in the output. Not only it must exist, but, in our case, it must be executable by HTTP server. > [1] Delimit each argument with single quotes, and replace any > embedded single quotes with quote-backslash-quote-quote. This is, definitely, a way that guarantees special shell characters to come unprocessed, but implementing it turns a CGI module (normally a tiny fire-and-forget gadget) into a very complex tool that does dynamic memory allocations and thus requires very careful signal handling and other stuff. > But it is simple. And reliable; all text within single quotes is > guaranteed to be left untouched by /bin/sh. Yes. But why? Shell won't see it if it's just piped to /usr/sbin/sendmail. -- ÌĤ¯Ç¤ÏÁͤòÊá¤é¤Ì
This archive was generated by hypermail 2b30 : Thu Jun 21 2001 - 20:25:49 PDT