[pve-devel] [PATCH 2/2] email_from: fix for "insecure dependency in piped open" when email_from is empty

Stanislav German-Evtushenko ginermail at gmail.com
Wed Sep 3 15:22:42 CEST 2014


On Wed, Sep 3, 2014 at 4:08 PM, Stanislav German-Evtushenko <
ginermail at gmail.com> wrote:

>
> Perl considers this construction non-secure when running with "-T". It
> assumes that $hostname variable can contain something dangerous to run in a
> shell, for example, $hostname="; rm -rf /" and we get "Insecure dependency
> in open while running with -T switch" message in:
> open (MAIL,"|sendmail -B 8BITMIME -f $mailfrom $rcvrarg") || ...
>
> More is here http://en.wikipedia.org/wiki/Taint_checking
>

Anyway notifications still go from "root@$hostname" in so we shouldn't
worry about that.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.proxmox.com/pipermail/pve-devel/attachments/20140903/4eecba91/attachment.htm>


More information about the pve-devel mailing list