send email module

bigup401 has asked for the wisdom of the Perl Monks concerning the following question:

any send mail module i can use to send plain text mails, because all sendmail modules i use am just getting this error, and am not willing to remove T switch from my script

Insecure $ENV{PATH} while running with -T switch at /usr/local/share/p
+erl/5.26.1/Email/Sender/Transport/Sendmail.pm line 77.
[download]

Comment on send email module Download Code

Replies are listed 'Best First'.
Re: send email module by Paladin (Vicar) on Aug 28, 2020 at 20:54 UTC
The solution is not to remove -T, but to fix `$ENV{PATH}` (and possibly others) before using `system`, `exec`, etc (which the sendmail modules use to call sendmail). From perldiag: Insecure $ENV{%s} while running %s (F) You can't use system(), exec(), or a piped open in a setuid or setgid script if any of $ENV{PATH}, $ENV{IFS}, $ENV{CDPATH}, $ENV{ENV}, $ENV{BASH_ENV} or $ENV{TERM} are derived from data supplied (or potentially supplied) by the user. The script must set the path to a known value, using trustworthy data. See perlsec.	[reply] [d/l] [select]
Re^2: send email module by bigup401 (Pilgrim) on Aug 28, 2020 at 21:07 UTC
how can you do that while your running on shared server with restrictions and limited privileges on server so all send mail modules use -t to call send mail option	[reply]
Re^3: send email module by gnosti (Chaplain) on Aug 28, 2020 at 21:18 UTC
How about this: `PATH={trustworthy:path} sendmail_script <ARGS>` [download]	[reply] [d/l]
Re^4: send email module by bigup401 (Pilgrim) on Aug 28, 2020 at 21:54 UTC
Re^5: send email module by jcb (Parson) on Aug 28, 2020 at 23:50 UTC


Come for the quick hacks, stay for the epiphanies.
	PerlMonks