Disclaimer variables passed from amavis to altermime.
Zhang Huangbin
zhbmaillistonly at gmail.com
Mon Jul 2 03:20:08 CEST 2012
On Monday, July 2, 2012 at 4:20 AM, Mark Martinec wrote:
> If you know that the invoked altermime or its lookalike script
> will not be fooled by an untrusted command line argument,
> a hack could be to replace:
> $disclaimer_options = $opt;
> by:
> $disclaimer_options = untaint($opt);
> in sub prepare_modified_mail, file amavisd.
Will this replacement (untaint($opt)) the default one in next release?
Or we have to modify it manually every time?
----
Zhang Huangbin
iRedMail: Open Source Mail Server Solution for Red Hat Enterprise Linux,
CentOS, Scientific Linux, Debian, Ubuntu, Mint, Gentoo, openSUSE,
FreeBSD, OpenBSD: http://www.iredmail.org/
More information about the amavis-users
mailing list