Beefy Boxes and Bandwidth Generously Provided by pair Networks
Your skill will accomplish
what the force of many cannot
 
PerlMonks  

Re: send email module

by Paladin (Vicar)
on Aug 28, 2020 at 20:54 UTC ( #11121159=note: print w/replies, xml ) Need Help??


in reply to send email module

The solution is not to remove -T, but to fix $ENV{PATH} (and possibly others) before using system, exec, etc (which the sendmail modules use to call sendmail).

From perldiag:

Insecure $ENV{%s} while running %s
        (F) You can't use system(), exec(), or a piped open in a setuid or
        setgid script if any of $ENV{PATH}, $ENV{IFS}, $ENV{CDPATH},
        $ENV{ENV}, $ENV{BASH_ENV} or $ENV{TERM} are derived from data
        supplied (or potentially supplied) by the user. The script must set
        the path to a known value, using trustworthy data. See perlsec.

Replies are listed 'Best First'.
Re^2: send email module
by bigup401 (Pilgrim) on Aug 28, 2020 at 21:07 UTC

    how can you do that while your running on shared server with restrictions and limited privileges on server

    so all send mail modules use -t to call send mail option

      How about this:

      PATH={trustworthy:path} sendmail_script <ARGS>

        thanks, i solved my problem with this

        $ENV{'PATH'} = '/usr/sbin/sendmail';

        tho i never thought that all mail modules use -t command for mail sending, thats why i asked if there any module which dont use -t command for mail sending

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://11121159]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others exploiting the Monastery: (4)
As of 2022-05-22 01:37 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    Do you prefer to work remotely?



    Results (78 votes). Check out past polls.

    Notices?