[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [leafnode-list] [ANNOUNCE] First Leafnode-2.0 beta version



krasel@xxxxxxxxxxxxxxxxxxxxxxxxxxxx (Cornelius Krasel) writes:

> If you want to support moderated groups, you have to talk to some kind
> of Mail Transport Agent which can deliver the articles to a moderator.
> Most MTAs are able to successfully disguise themselves as sendmail
> (actually, I am not aware of a single MTA that cannot do that),
> simply because sendmail has become a kind of de-facto standard on
> Unix systems.

Note that the "sendmail" path and options should be configurable,
someone might want to use /var/qmail/bin/qmail-inject for example, and
it should allow wrapping the thing up in /usr/bin/env should that be
necessary.

I'd like to have a closer look at how you invoke the MTA so as to
prevent shell metacharacter abuse.

Don't use system(). Don't use execlp() or execvp().  (Better force the
user to set the fully qualified path in the configuration file.)

Use fork() and either of these: execv(), execl(), execle().

-- 
Matthias Andree

-- 
leafnode-list@xxxxxxxxxxxxxxxxxxxxxxxxxxxx -- mailing list for leafnode
To unsubscribe, send mail with "unsubscribe" in the subject to the list