Diffstat (limited to 'scripts/add_header.sh')
-rw-r--r-- scripts/add_header.sh 20
1 files changed, 20 insertions, 0 deletions
diff --git a/scripts/add_header.sh b/scripts/add_header.sh
index 9a9af75..d4d524a 100644
--- a/scripts/add_header.sh
+++ b/scripts/add_header.sh
@@ -16,6 +16,26 @@
# See proxsmtpd.conf(5) for configuration details
#
+# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+# WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+#
+# By using variables passed in from clamsmtpd in file
+# manipulation commands without escaping their contents
+# you are opening yourself up to REMOTE COMPROMISE. You
+# have been warned. Do NOT do the following unless you
+# want to be screwed big time:
+#
+# mv $EMAIL "$SENDER.eml"
+#
+# An attacker can use the above command to compromise your
+# computer. The only variable that is guaranteed safe in
+# this regard is $EMAIL.
+#
+# The following script does not escape its variables
+# because it only uses them in safe ways.
+#
+# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
# Pipe the email through this command
formail -i "Subject: Changed subject from $SENDER ..."
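Review bot: The warning's `mv $EMAIL "$SENDER.eml"` example does not say why it is dangerous or what to do instead. `$SENDER` is already double-quoted in that line, so a reader can come away thinking quoting is the missing step, when the issue the comment describes is the unescaped contents of a variable from clamsmtpd ending up in a file manipulation command. Suggest one more comment line stating that the value comes from the remote sender and must not be used to build file names or command arguments unless it is escaped or validated first, plus a short safe counterpart to the bad example. The closing claim that the script "only uses them in safe ways" would also be easier to check if it named the reason: `$SENDER` appears only inside the double-quoted header argument to `formail -i` and is never used as a path.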