There is a group called (I believe) the Perl Mongers that have rewritten
some of the scripts found on Matts script Archive in attempt to make them
more secure.

These scripts can be can be found here.
http://www.scriptarchive.com/nms.html

Hope this helps,

Todd

-----Original Message-----
From: plug-discuss-bounces@lists.plug.phoenix.az.us
[mailto:plug-discuss-bounces@lists.plug.phoenix.az.us] On Behalf Of Victor
Odhner
Sent: Thursday, January 12, 2006 7:07 AM
To: Main PLUG discussion list
Subject: Re: formail (was moron at perl/cgi)

Craig White wrote:

>Downloaded a simple perl-cgi script called ForMail.pl
>
>getting fast and loose with permissions...
>  
>
I trust you know this, but ...


ForMail has some legendary security holes, due to its trust
of user data.  Just google for   formail exploit
to see 22 pages of references.
This script is a poster child for bad CGI usage.
Being under selinux would be no protection here.

Vic

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change  you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change  you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss