Beefy Boxes and Bandwidth Generously Provided by pair Networks
Your skill will accomplish
what the force of many cannot

Re: send email module

by Paladin (Vicar)
on Aug 28, 2020 at 20:54 UTC ( #11121159=note: print w/replies, xml ) Need Help??

in reply to send email module

The solution is not to remove -T, but to fix $ENV{PATH} (and possibly others) before using system, exec, etc (which the sendmail modules use to call sendmail).

From perldiag:

Insecure $ENV{%s} while running %s
        (F) You can't use system(), exec(), or a piped open in a setuid or
        setgid script if any of $ENV{PATH}, $ENV{IFS}, $ENV{CDPATH},
        $ENV{ENV}, $ENV{BASH_ENV} or $ENV{TERM} are derived from data
        supplied (or potentially supplied) by the user. The script must set
        the path to a known value, using trustworthy data. See perlsec.

Replies are listed 'Best First'.
Re^2: send email module
by bigup401 (Pilgrim) on Aug 28, 2020 at 21:07 UTC

    how can you do that while your running on shared server with restrictions and limited privileges on server

    so all send mail modules use -t to call send mail option

      How about this:

      PATH={trustworthy:path} sendmail_script <ARGS>

        thanks, i solved my problem with this

        $ENV{'PATH'} = '/usr/sbin/sendmail';

        tho i never thought that all mail modules use -t command for mail sending, thats why i asked if there any module which dont use -t command for mail sending

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://11121159]
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others romping around the Monastery: (4)
As of 2023-12-02 18:28 GMT
Find Nodes?
    Voting Booth?
    What's your preferred 'use VERSION' for new CPAN modules in 2023?

    Results (18 votes). Check out past polls.