[4354] in WWW Security List Archive
Re: Perl System Call HACKS
daemon@ATHENA.MIT.EDU (James B. Davis)
Tue Feb 11 14:39:08 1997
Date: Tue, 11 Feb 1997 09:37:06 -0600
From: james@odie.tci.com (James B. Davis)
To: jeffm@sgiserv3.aws.waii.com, www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
>
> Is there a FAQ or information giving some examples as to the way
> a perl script that executes sendmail via a PERL system call can
> be hacked?
>
> What strings are going to be malicious to the sendmail execution?
> Is there a work-around?
>
> You may eMail me directly at jeff.middleton@waii.com.
>
> Thanks in advance.
>
For perl, gander at the CPAN of your choice (or via www.perl.org)
and scan for the MailTools modules. There are demos in the pkg
and nice documentation. You can send, forward and reply till the
cows come home. Nifty. Neato. Nuff said.
james
---
James B. Davis
Sr. System Administrator _/_/_/_/_/ _/_/ _/_/_/
TELE-COMMUNICATIONS, Inc. _/ _/ _/ _/
AIT Southern Data Center _/ _/ _/
1776 N Greenville Ave _/ _/ _/
Richardson, TX 75081 _/ _/ _/ _/
(972) 907-4003 _/ _/_/ _/_/_/
Operations (972) 907-4100 - FAX (972) 907-4005
mailto:davis.james@tci.com http://www.tci.com/~james
