nanog mailing list archives
Re: Programmers with network engineering skills
From: Joe Greco <jgreco () ns sol net>
Date: Tue, 13 Mar 2012 08:41:21 -0500 (CDT)
The ideal world contains a mix of techniques. You cannot just blindly leave it to the MTA to decide what's valid. Along that path lies madness. How do you pass the address to the MTA? Don't do it as a system() call unless you want someone to own your box with a semicolon.

Only if you don't properly quote/escape the arguments you are passing.
That's a great theory that's been a disaster in practice, as "properly" is difficult and mistakes often turn into exploits. That's not to say that you're not right, obviously you are, but that is kind of more of a sign of the scope of the problem than anything else. In an ideal world, it wouldn't be an issue. In reality, the set of allowed characters for e-mail addresses should probably have been a bit more controlled...

... JG
--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam (CNN)
With 24 million small businesses in the US alone, that's way too many apples.
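Added example, not part of the original post: a Python sketch of the point under discussion, showing how a shell would split an unquoted recipient at the semicolon, how quoting keeps it as one word, and how passing an argv list with no shell removes the dependency on quoting at all. The binary path, the sample address and all function names are assumptions made for illustration, and the `--` handling assumes a sendmail-compatible MTA that follows the usual getopt convention.

```python
import shlex
import subprocess

SENDMAIL = "/usr/sbin/sendmail"  # assumed path to a sendmail-compatible MTA binary
HOSTILE = "user@example.com; echo INJECTED"  # constructed sample input

def shell_view(cmdline):
    """Tokenize roughly as a POSIX shell would, keeping ; | & as operators."""
    lex = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    lex.commenters = ""
    return list(lex)

def naive_command(rcpt):
    """The string a system()-style call would pass to /bin/sh (not run here)."""
    return f"{SENDMAIL} {rcpt}"

def quoted_command(rcpt):
    """Same call with shell quoting: safe only if every call site remembers it."""
    return f"{SENDMAIL} {shlex.quote(rcpt)}"

def safe_argv(rcpt):
    """argv for exec without a shell, so shell metacharacters are inert."""
    # Quoting does not stop a value that begins with '-' from being read as an
    # MTA option, so reject it and also end option parsing with '--'.
    if not rcpt or rcpt.startswith("-") or any(c in rcpt for c in "\r\n\0"):
        raise ValueError(f"rejected recipient: {rcpt!r}")
    return [SENDMAIL, "--", rcpt]

def send(rcpt, message):
    """Hand message (bytes) to the MTA on stdin; shell=False is the default."""
    subprocess.run(safe_argv(rcpt), input=message, check=True)

if __name__ == "__main__":
    print(shell_view(naive_command(HOSTILE)))
    print(shell_view(quoted_command(HOSTILE)))
    print(safe_argv(HOSTILE))
```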