Source-Changes-D archive


Re: CVS commit: src/usr.bin/mail



In article <20141217142550.NE2degKJ%sdaoden%yandex.com@localhost>,
Steffen Nurpmeso  <sdaoden%yandex.com@localhost> wrote:
>
>No, of course not -- except that "validate user input" screams
>from every wall.  Maybe I'm just disappointed.  But any
>environment that passes a string that includes shell meta
>characters through to whatever else seems broken.  Tomorrow BSD
>Mail / POSIX mailx(1) get a CVE for QoS attacks because of passing
>through malformed addresses to MTAs that lead to nowhere but cause
>several process lifetimes and log entries...  That doesn't seem
>right.

It is to protect the innocent. Consider someone writing his first
CGI script who wants to add mail functionality :-) Perhaps, as people
claimed, "mail/mailx" is beyond hope...

christos


