Bug#335937: libmime-lite-perl: send_by_sendmail() fails in taint check mode

Niko Tyni ntyni at iki.fi
Wed Jan 4 21:07:02 UTC 2006


On Thu, Oct 27, 2005 at 10:05:37AM +1300, Srdjan wrote:
 
> sendmail command and params are not constructed in a taint-safe fashion.
> Arguments to send_by_sendmail() are used/filled in rather than having
> separate vars set to defaults or untainted args.

Hi,

I disagree: it's not the job of send_by_sendmail() to untaint its args.
The base arguments are given straight to sendmail, and if the caller is
passing tainted data there, it's the caller's fault. The safe way is
calling send_by_sendmail() without any arguments at all.

However, there is one very real problem in send_by_sendmail(). When generating
the sendmail command line, it builds a '-f' argument from the 'From' field
of the email to be sent. Unfortunately it uses Mail::Address to do it,
and Mail::Address taints its data. See bug #346008 against libmailtools-perl.

I'll probably try to come up with a patch. In the meantime, using the
'SetSender => 0' argument to send_by_sendmail() should work around
this.

Cheers,
-- 
Niko Tyni	ntyni at iki.fi
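Added example, not part of the original message and not MIME::Lite code: a caller-side sketch of the point made above, that data reaching the sendmail command line (including a '-f' sender) has to be untainted by the caller. The helper name `untaint_sender`, the sendmail path and base arguments, and the sample addresses are assumptions constructed for illustration.

```perl
#!/usr/bin/perl -T
# Added example (not MIME::Lite code). Run as: perl -T untaint_sender.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Taint mode refuses to run external commands with an inherited environment.
$ENV{PATH} = '/usr/sbin:/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Hypothetical helper: accept only a conservative address and return the
# regex capture, which Perl treats as untainted. Anything else yields undef.
sub untaint_sender {
    my ($addr) = @_;
    return undef unless defined $addr;
    return $1
        if $addr =~ /\A([A-Za-z0-9][A-Za-z0-9._+-]*\@[A-Za-z0-9][A-Za-z0-9.-]*)\z/;
    return undef;
}

# Zero-length tainted string; appending it taints a literal the way CGI
# parameters or file input would be tainted.
my $TAINT = substr("$0$^X", 0, 0);

# Constructed sample inputs.
for my $literal ('alice@example.org', '-x@example.org', 'bob@example.org extra') {
    my $from  = $literal . $TAINT;
    my $clean = untaint_sender($from);
    printf "%-24s tainted=%s => %s\n", $literal,
        (tainted($from) ? 'yes' : 'no'),
        defined $clean ? "accepted, tainted=" . (tainted($clean) ? 'yes' : 'no')
                       : 'rejected';
    next unless defined $clean;

    # Assumed sendmail path and base arguments, built as a list (no shell).
    my @cmd = ('/usr/sbin/sendmail', '-t', '-oi', '-oem', "-f$clean");
    die "tainted argument in command\n" if grep { tainted($_) } @cmd;
    # A real caller would now do: open(my $fh, '|-', @cmd) or die ...;
}
```

Only the first address is accepted and comes back untainted; the other two are rejected because they begin with '-' or contain whitespace.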




More information about the pkg-perl-maintainers mailing list