[PLUG] Re: can one email from within a program?

Randal L. Schwartz merlyn at stonehenge.com
Thu May 10 10:17:10 UTC 2007


>>>>> "Carlos" == Carlos Konstanski <ckonstanski at pippiandcarlos.com> writes:

Carlos> Here's a perl function that will do as Rich suggested (i.e. opening a pipe
Carlos> to a mailer program).  The body is passed in as a string.  For tightest
Carlos> security, it is best to hardcode the recipient at minimum.  If the
Carlos> recipient were a function argument, it would be more possible for a hacker
Carlos> to exploit the function as a mass mailer.  With a hardcoded recipient, it
Carlos> can only spam one person.

Carlos> sub send_mail {
Carlos>     my $body = pop(@_);
Carlos>     my $to = $SENDER;
Carlos>     my $from = $RECIPIENT;
Carlos>     my $subject = $SUBJECT;
Carlos>     my $sendmail = "/usr/lib/sendmail -t -oi -f $to";
Carlos>     open(MAIL, " |$sendmail") || die "Can't start sendmail: $!";
Carlos>     print MAIL "From: $from\n";
Carlos>     print MAIL "To: $to\n";
Carlos>     print MAIL "Subject: $subject\n";
Carlos>     print MAIL $body;
Carlos>     close(MAIL);
Carlos> }

As coded, if I can provide $SENDER or $SUBJECT, I can also spam people.

Please don't invoke sendmail this way.  From Perl, there are safer
alternatives.

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn at stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
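To make the safer alternative concrete, here is an added example (editor's illustration, not code from this thread or from Stonehenge): the list form of open() passes each argument to sendmail directly, so no shell ever sees the sender or recipient; both addresses are fixed constants; and header values are refused if they contain CR/LF, which is what stops a caller from appending extra recipients or a second message. It also emits the blank line that terminates the headers, which the quoted function omitted. The addresses and the sendmail path are placeholders.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Placeholder values: adjust for your site. Both addresses are hard-coded
# on purpose; $SENDER ends up on the sendmail command line.
my $SENDMAIL  = '/usr/lib/sendmail';
my $RECIPIENT = 'webmaster@example.com';
my $SENDER    = 'noreply@example.com';

# A header value must not contain CR, LF or NUL: a single embedded newline
# would let the caller start a new header (e.g. another recipient) or end
# the header block early and supply the whole body.
sub header_value_ok {
    my ($v) = @_;
    return defined $v && $v !~ /[\r\n\0]/;
}

sub send_mail {
    my ($subject, $body) = @_;
    die "Subject contains a line break\n" unless header_value_ok($subject);

    # List-form open: the program and its arguments go straight to exec(),
    # so none of them are parsed by /bin/sh. No -t: the recipient is given
    # on the command line, not read back out of the To: header.
    open(my $mail, '|-', $SENDMAIL, '-oi', '-f', $SENDER, $RECIPIENT)
        or die "Can't start sendmail: $!";
    print {$mail} "From: $SENDER\n",
                  "To: $RECIPIENT\n",
                  "Subject: $subject\n",
                  "\n",            # blank line ends the headers
                  $body;
    close($mail) or die "sendmail exited with status ", $? >> 8, "\n";
    return 1;
}

# Sanity check of the guard with a constructed value: a subject carrying a
# newline is rejected before sendmail is ever started.
my $constructed = "Weekly report\nBcc: someone\@example.net";
print header_value_ok($constructed) ? "accepted\n" : "rejected: line break in Subject\n";
```

If you need a variable recipient, validate it against a strict address pattern before use and still pass it as a separate argument, never interpolated into a command string.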
