[PLUG] can one email from within a program?

Carlos Konstanski ckonstanski at pippiandcarlos.com
Thu May 10 02:27:15 UTC 2007


On Wed, 9 May 2007, Eric Wilhelm wrote:

> Date: Wed, 9 May 2007 16:48:27 -0700
> From: Eric Wilhelm <scratchcomputing at gmail.com>
> Reply-To: "General Linux/UNIX discussion and help;	civil and on-topic"
>     <plug at lists.pdxlinux.org>
> To: PLUG <plug at lists.pdxlinux.org>
> Subject: Re: [PLUG] can one email from within a program?
> 
> # from Carlos Konstanski
> # on Wednesday 09 May 2007 03:19 pm:
>
>> Here's a perl function that will do as Rich suggested (i.e. opening a
>> pipe to a mailer program).  The body is passed in as a string.  For
>> tightest security, it is best to hardcode the recipient at minimum.
>
> You probably also want to use the list form of pipe open or else you'll
> have to quote the $to value to keep the shell from breaking it into
> multiple arguments (not to mention that whole $to="hah;rm -rf /"
> thing.)  Of course, Email::Send::Sendmail has that same bug (though it
> gets irony points for going to the extra effort of creating this bug by
> flattening a list @args.)  To be fair, perl has only had list-form pipe
> open() for something like 5 years now.
>
> I suspect that your code also has a hole in that it doesn't finalize the
> headers before printing the body.  Email::Simple would solve that.
>
> --Eric
> -- 
> "It is impossible to make anything foolproof because fools are so
> ingenious."
> --Murphy's Second Corollary
> ---------------------------------------------------
>    http://scratchcomputing.com
> ---------------------------------------------------

Perl might be too dangerous a way to send mail for lightweights like
me, given its close interface to shell commands.  It made for a good
example, as it illustrates the problem so nicely.  I wasn't even
trying; I thought my function was relatively secure!  I co-opted it
from old-school perl hackers I used to work with.  Since I'm not using
this function anywhere right now, I'm delighted by Eric's audit.

Using a trusted library is a better move, since the codebase is more
likely to have been scrutinized by many talented coders.  But Eric
shows that there is room for false security here.  One must audit the
code oneself to be sure, and even that is subject to the examiner's
skill.

Perhaps it makes sense to find out which language Ted is using, and
then find the least exploitable means to send email in his language.
If anybody knows the best way to send mail from a common lisp program,
by the way, I am all ears.

Carlos Konstanski
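
The two points from Eric's audit quoted above (list-form pipe open so that no shell ever parses $to, and a blank line that finalizes the headers before the body), shown as an added example that is not the function posted earlier in the thread nor code from either poster. The sendmail path and flags, the names send_mail and clean_header, and the stand-in mailer used for the demo are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed MTA path and flags: -oi = a lone "." does not end the message,
# "--" = end of options, so the recipient can never be read as a flag.
my @MAILER = ('/usr/sbin/sendmail', '-oi', '--');

# Refuse CR, LF and NUL in header values so a caller cannot inject headers.
sub clean_header {
    my ($name, $value) = @_;
    die "missing $name\n" unless defined $value && length $value;
    die "illegal character in $name\n" if $value =~ /[\r\n\0]/;
    return $value;
}

sub send_mail {
    my (%m) = @_;
    my $to      = clean_header(To      => $m{to});
    my $from    = clean_header(From    => $m{from});
    my $subject = clean_header(Subject => $m{subject});
    die "recipient must not start with '-'\n" if $to =~ /^-/;
    my @cmd = @{ $m{mailer} || \@MAILER };

    # List form of pipe open: perl execs $cmd[0] directly and $to arrives as
    # exactly one argv element. No shell parses it, so ";" and spaces are inert.
    open(my $fh, '|-', @cmd, $to) or die "cannot start $cmd[0]: $!\n";
    print {$fh} "To: $to\n", "From: $from\n", "Subject: $subject\n",
                "\n",            # blank line ends the headers
                $m{body};
    close($fh) or die "mailer exited with status $?\n";
    return 1;
}

# Demo: perl itself stands in for the mailer and echoes its argv and stdin,
# so nothing is sent. All values below are constructed.
send_mail(
    mailer  => [$^X, '-e', 'print "argv: <$_>\n" for @ARGV; print <STDIN>'],
    to      => 'nobody@example.com; echo INJECTED',
    from    => 'app@example.com',
    subject => 'disk report',
    body    => "All volumes below 80%.\n",
);
```

The stand-in shows the whole recipient string arriving as a single argument; dropping the mailer key makes the function use the assumed sendmail command instead.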

