Beefy Boxes and Bandwidth Generously Provided by pair Networks
Just another Perl shrine
 
PerlMonks  

Re: send email module

by Paladin (Vicar)
on Aug 28, 2020 at 20:54 UTC ( [id://11121159]=note: print w/replies, xml ) Need Help??


in reply to send email module

The solution is not to remove -T, but to fix $ENV{PATH} (and possibly others) before using system, exec, etc (which the sendmail modules use to call sendmail).

From perldiag: 

Insecure $ENV{%s} while running %s
        (F) You can't use system(), exec(), or a piped open in a setuid or
        setgid script if any of $ENV{PATH}, $ENV{IFS}, $ENV{CDPATH},
        $ENV{ENV}, $ENV{BASH_ENV} or $ENV{TERM} are derived from data
        supplied (or potentially supplied) by the user. The script must set
        the path to a known value, using trustworthy data. See perlsec.

Replies are listed 'Best First'.
Re^2: send email module
by bigup401 (Pilgrim) on Aug 28, 2020 at 21:07 UTC

    how can you do that while your running on shared server with restrictions and limited privileges on server

    so all send mail modules use -t to call send mail option

[reply]
      How about this: 

      PATH={trustworthy:path} sendmail_script <ARGS>

      [download]
[reply]
[d/l]

        thanks, i solved my problem with this

        $ENV{'PATH'} = '/usr/sbin/sendmail';

        [download]

        tho i never thought that all mail modules use -t command for mail sending, thats why i asked if there any module which dont use -t command for mail sending

[reply]
[d/l]

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://11121159]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others studying the Monastery: (5)
As of 2024-04-23 09:30 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found