summaryrefslogtreecommitdiff
path: root/scripts/add_header.sh
diff options
context:
space:
mode:
authorStef Walter <stef@memberwebs.com>2004-11-26 23:15:42 +0000
committerStef Walter <stef@memberwebs.com>2004-11-26 23:15:42 +0000
commit1ff6f4ceba9b56980a1010434e5c3641c4c93048 (patch)
treef7b9019691a52fda9e1350ac28253d715fbae71c /scripts/add_header.sh
parent12c4436a96a3b4fb76b60c21b1819ba883ab9296 (diff)
Add big scary warnings to scripts.
Diffstat (limited to 'scripts/add_header.sh')
-rw-r--r--scripts/add_header.sh20
1 files changed, 20 insertions, 0 deletions
diff --git a/scripts/add_header.sh b/scripts/add_header.sh
index 9a9af75..d4d524a 100644
--- a/scripts/add_header.sh
+++ b/scripts/add_header.sh
@@ -16,6 +16,26 @@
# See proxsmtpd.conf(5) for configuration details
#
+# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+# WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+#
+# By using variables passed in from clamsmtpd in file
+# manipulation commands without escaping their contents
+# you are opening yourself up to REMOTE COMPROMISE. You
+# have been warned. Do NOT do the following unless you
+# want to be screwed big time:
+#
+# mv $EMAIL "$SENDER.eml"
+#
+# An attacker can use the above command to compromise your
+# computer. The only variable that is guaranteed safe in
+# this regard is $EMAIL.
+#
+# The following script does not escape its variables
+# because it only uses them in safe ways.
+#
+# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
# Pipe the email through this command
formail -i "Subject: Changed subject from $SENDER ..."