[sork] Increase the forward security?

Eric Rostetter eric.rostetter at physics.utexas.edu
Mon May 12 12:11:00 PDT 2003


Quoting Sébastien CORBEAU <scorbeau at improve.fr>:

> I use imp in a production system with turba, passwd and vacation.
>
> I'm paranoiac and I hesitate to add the forward module due to a security
> reason:
> I can enter "cat /etc/passwd" in the .forward :(

Depending on version, there may be similar concerns for the vacation
module (e.g. the alias support in cvs).

> In the Driver.php file, the email validity is checked in the
> _make_email_address
> function with Mail_RFC822::parseAddressList.

Correct.

> Did you plan to change this?

Had not, until now at least.  I look into what is possible.

--
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Why get even? Get odd!


More information about the sork mailing list