procmail (in)security
Fred Yankowski
fred at ontosys.com
Fri Mar 7 18:14:35 CET 2003
On Fri, Mar 07, 2003 at 07:40:11AM -0500, Todd Underwood wrote:
> 2) use something like procmail that has these kinds of properties
> (procmail has historically been a security disaster, so i would stay away
> from it if possibly--consider maildrop).
What's your basis for calling procmail a security disaster? I use
procmail all the time and, if you're right, I want to know what risks
I'm taking. I already know that procmail's "recipe" language is
confusing, but in what ways is it insecure?
--
Fred Yankowski fred at ontosys.com tel: +1.630.879.1312
OntoSys, Inc PGP keyID: 7B449345 fax: +1.630.879.1370
www.ontosys.com 38W242 Deerpath Rd, Batavia, IL 60510-9461, USA
More information about the Bogofilter
mailing list