Re: Secure popen

From: KuroiNeko (evpopkovat_private)
Date: Thu Jun 21 2001 - 11:08:07 PDT


    > Note that /usr/lib/sendmail (or /usr/sbin/sendmail; a number of
    > pre-compiled Linux binaries seem to assume this) doesn't have to be
    > "Sendmail". It just has to be a program which accepts an email on
    > stdin and does the work involved in delivering it.
    
     Indeed. E.g., /bin/mail
    
    > It does, however, have to exist, otherwise a number of programs (e.g.
    > mailx, crond) won't function correctly. Run "strings" on any program
    > which sends notification messages by email; you'll probably find a
    > reference to /usr/{lib,sbin}/sendmail in the output.
    
     Not only must it exist, but, in our case, it must be executable by the
    HTTP server.
    
    >   [1] Delimit each argument with single quotes, and replace any
    >   embedded single quotes with quote-backslash-quote-quote.
    
     This is, definitely, a way that guarantees that special shell characters
    come through unprocessed, but implementing it turns a CGI module (normally
    a tiny fire-and-forget gadget) into a very complex tool that does dynamic
    memory allocations and thus requires very careful signal handling and
    other stuff.
    
    > But it is simple. And reliable; all text within single quotes is
    > guaranteed to be left untouched by /bin/sh.
    
     Yes. But why? The shell won't see it if it's just piped to
    /usr/sbin/sendmail.
    
    
    --
    
     A meowing cat catches no mice.
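
The quoting rule from [1], and the trip through /bin/sh that popen() imposes on a command-line argument, as an added example that is not part of the original thread. The names sh_quote and survives_shell are hypothetical, and the caller-supplied fixed buffer is this example's own choice so that no dynamic allocation is needed.

```c
#define _POSIX_C_SOURCE 200809L   /* for popen()/pclose() */
#include <stdio.h>
#include <string.h>

/* Wrap src in single quotes for /bin/sh, writing into a caller-supplied
 * buffer. Each embedded ' becomes '\'' (quote-backslash-quote-quote).
 * Returns the quoted length, or -1 if dst is too small. */
int sh_quote(const char *src, char *dst, size_t dstlen)
{
    size_t n = 0;

    if (dstlen < 3)                  /* minimum: '' plus NUL */
        return -1;
    dst[n++] = '\'';
    for (; *src; src++) {
        size_t need = (*src == '\'') ? 4 : 1;
        if (n + need + 2 > dstlen) { /* keep room for closing ' and NUL */
            dst[0] = '\0';           /* never leave a half-quoted string */
            return -1;
        }
        if (*src == '\'') {
            memcpy(dst + n, "'\\''", 4);
            n += 4;
        } else {
            dst[n++] = *src;
        }
    }
    dst[n++] = '\'';
    dst[n] = '\0';
    return (int)n;
}

/* Pass arg through /bin/sh via popen() and read back what the shell
 * handed to printf. Returns 1 if it arrived byte-for-byte intact. */
int survives_shell(const char *arg)
{
    char quoted[512], cmd[600], out[512];
    FILE *p;
    size_t got;

    if (sh_quote(arg, quoted, sizeof quoted) < 0)
        return 0;
    snprintf(cmd, sizeof cmd, "printf %%s %s", quoted);
    if ((p = popen(cmd, "r")) == NULL)
        return 0;
    got = fread(out, 1, sizeof out - 1, p);
    out[got] = '\0';
    return pclose(p) == 0 && strcmp(out, arg) == 0;
}
```

Only values that end up on the command line need this treatment; text written to the pipe after popen() returns goes to the child's stdin and is never parsed by the shell.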
    


