Re: formail (was moron at perl/cgi)

Author: irb
Date:  
To: Main PLUG discussion list
Subject: Re: formail (was moron at perl/cgi)
* Quoth Victor Odhner (), on Thu, AD 2006.01.12, at 07:07 -0700:
>
> ForMail has some legendary security holes, due to its trust
> of user data. Just google for formail exploit
> to see 22 pages of references.
> This script is a poster child for bad CGI usage.
> Being under selinux would be no protection here.


There's a project called NMS available at http://nms-cgi.sf.net/ that
attempts to reimplement a number of Matt's scripts in sane and secure
ways, FormMail.pl included. See also
http://www.scriptarchive.com/nms.html.

/i.