[pbs-devel] applied: [PATCH proxmox v3] fix #3302: allow for more characters for email
Thomas Lamprecht
t.lamprecht at proxmox.com
Wed May 12 21:20:04 CEST 2021
On 12.05.21 16:20, Dominik Csapak wrote:
> by removing the regex check here, that is responsibility of the caller
>
> this is ok since we pass the args directly and not via shell, so
> command injection should not be possible
yeah, if nothing is there to interpret injected commands then it really isn't
possible, besides naturally some security issue in sendmail command parser or
the like, but there's no future proofing against that.. ;-)
>
> Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
> ---
> tested command injection with emails like '--help' but this got sent
> to '--help at myhostname' which got sent to 'root at myhostname'
>
> proxmox/src/tools/email.rs | 15 +--------------
> 1 file changed, 1 insertion(+), 14 deletions(-)
>
>
applied, thanks!
More information about the pbs-devel
mailing list