author | Stef Walter <stef@memberwebs.com> | 2004-11-26 23:15:42 +0000 |
---|---|---|
committer | Stef Walter <stef@memberwebs.com> | 2004-11-26 23:15:42 +0000 |
commit | 1ff6f4ceba9b56980a1010434e5c3641c4c93048 (patch) | |
tree | f7b9019691a52fda9e1350ac28253d715fbae71c /scripts/add_header.sh | |
parent | 12c4436a96a3b4fb76b60c21b1819ba883ab9296 (diff) |
Add big scary warnings to scripts.
Diffstat (limited to 'scripts/add_header.sh')
-rw-r--r-- | scripts/add_header.sh | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/scripts/add_header.sh b/scripts/add_header.sh index 9a9af75..d4d524a 100644 --- a/scripts/add_header.sh +++ b/scripts/add_header.sh @@ -16,6 +16,26 @@ # See proxsmtpd.conf(5) for configuration details # +# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +# WARNING WARNING WARNING WARNING WARNING WARNING WARNING +# +# By using variables passed in from clamsmtpd in file +# manipulation commands without escaping their contents +# you are opening yourself up to REMOTE COMPROMISE. You +# have been warned. Do NOT do the following unless you +# want to be screwed big time: +# +# mv $EMAIL "$SENDER.eml" +# +# An attacker can use the above command to compromise your +# computer. The only variable that is guaranteed safe in +# this regard is $EMAIL. +# +# The following script does not escape its variables +# because it only uses them in safe ways. +# +# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + # Pipe the email through this command formail -i "Subject: Changed subject from $SENDER ..." |
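Review bot: The warning never says what makes `mv $EMAIL "$SENDER.eml"` unsafe, and because $SENDER is already double-quoted in that example, a reader can conclude that quoting is the escaping being asked for. Quoting stops word splitting, but the value still becomes a file name, so a sender containing "/" or ".." selects a path outside the intended directory. Suggest saying so in the comment and showing a safe pattern next to the unsafe one, for instance building the file name from a value the script generates itself instead of from $SENDER. The added text also says the variables come from clamsmtpd, while the unchanged context line just above points to proxsmtpd.conf(5); use one name. The closing claim that the script "only uses them in safe ways" would be easier to check if it named the use it covers, which in the visible context is $SENDER inside the double-quoted `formail -i` argument.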