* Quoth Victor Odhner (vodhner@cox.net), on Thu, AD 2006.01.12, at 07:07 -0700:
> 
> ForMail has some legendary security holes, due to its trust
> of user data.  Just google for   formail exploit
> to see 22 pages of references.
> This script is a poster child for bad CGI usage.
> Being under selinux would be no protection here.

There's a project called NMS available at http://nms-cgi.sf.net/ that
attempts to reimplement a number of Matt's scripts in sane and secure
ways, FormMail.pl included. See also
http://www.scriptarchive.com/nms.html.

/i.
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change  you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss