[1315] in Moira
Re: Allow / in email address
daemon@ATHENA.MIT.EDU (Mark Rosenstein)
Thu Feb 3 18:41:59 2000
Date: Thu, 3 Feb 2000 18:41:53 -0500 (EST)
Message-Id: <200002032341.SAA05025@actwin.com>
From: Mark Rosenstein <mar@actwin.com>
To: rbasch@MIT.EDU
Cc: moiradev@MIT.EDU
In-Reply-To: <200002032336.SAA11681@aupair.mit.edu> (message from Robert A
Basch on Thu, 03 Feb 2000 18:36:51 -0500)
Actually, there's a big problem with slashes in the aliases file.
That's why I originally disallowed them. Consider the mail address
"/etc/passwd", which would cause sendmail to append to that file. Or
"|/bin/sh rm -r /" as an address. No, you can't put things like this
in the To: field of a message and do any damage, but in the system
aliases file they can do a lot of damage.
Yes, I've been evesdropping all these years...
-Mark
