On Thu, 2006-01-12 at 07:07 -0700, Victor Odhner wrote:
> Craig White wrote:
> 
> >Downloaded a simple perl-cgi script called ForMail.pl
> >
> >getting fast and loose with permissions...
> >  
> >
> I trust you know this, but ...
> 
> 
> ForMail has some legendary security holes, due to its trust
> of user data.  Just google for   formail exploit
> to see 22 pages of references.
> This script is a poster child for bad CGI usage.
> Being under selinux would be no protection here.
----
that's pretty well documented in the README and in the source. There
seems to be adequate restrictions on senders/recipients now.

As for the poster child for bad CGI...I am the unwitting consumer of bad
CGI - if you can point me to better code...I would appreciate it.

Craig

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change  you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss