Beefy Boxes and Bandwidth Generously Provided by pair Networks
Clear questions and runnable code
get the best and fastest answer

Re: Trimming a mailbox

by thargas (Deacon)
on Feb 13, 2012 at 12:01 UTC ( #953445=note: print w/ replies, xml ) Need Help??

in reply to Trimming a mailbox

Do you realize that this is subject to injection attack? If I send you a message with a "date" header looking like:

Date: "; echo hacked::0:1:Haxor:/:/bin/sh >>/etc/passwd;

I've added a new root user called hack with no password to your machine. I won't claim this would get me access to the machine (it wouldn't even tell me which machine it has hacked), but it ought to make you consider doing this some other way.

Comment on Re: Trimming a mailbox
Download Code
Re^2: Trimming a mailbox
by oko1 (Deacon) on Feb 13, 2012 at 18:02 UTC

    You're right!... barring a few insignificant factors, that is. Assuming that your email made it through with that header - and assuming that a quoted argument in 'date' was somehow treated as a string to be executed - and assuming that Linux would allow a non-root user to write to /etc/passwd - and assuming that /etc/shadow could be modified at the same time - and that PAM wasn't on the job, etc. ... you would be right. But those factors do, indeed, apply.

    It would, however, make sense to validate that string. Thanks for that hint. :)

    I hate storms, but calms undermine my spirits.
     -- Bernard Moitessier, "The Long Way"

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://953445]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others drinking their drinks and smoking their pipes about the Monastery: (6)
As of 2014-12-19 03:21 GMT
Find Nodes?
    Voting Booth?

    Is guessing a good strategy for surviving in the IT business?

    Results (70 votes), past polls