[Mailman-Users] Shell meta-characters

[gagel at cnc.bc.ca]

The question is simple enough, so I ask it again. Is the sendmail
interface safe from addresses that contain shell meta-characters?

I an unable to determine from the long list of messages or doing a
search in the archives whether or not the problem had been corrected.

The mailman code warns not to use the sendmail but use the smtp method
because sendmail is not secure. postfix users are warning me that
mailman can lead to a compromise if a meta-character is used in the
address. postfix users are also saying this should have been fixed by
now in mailman but I'd like some confirmation.

Anyone familiar with the code care to answer this?

----- Original Message Follows -----
> On Mon, 2003-12-22 at 16:58, gagel at cnc.bc.ca wrote:
> > I have not had any response to this. Can anyone speak to this at
> > all? 
> > 
> > ----- Original Message Follows -----
> > > Can someone tell me if the mailman 2.1.3 sendmail interface is
> > > safe from addresses that contain shell meta-characters?
> > > 
> 
> Cast a stone into the water
> Observe the ripples as they flow forth
> What does this tell you
> 
> Time passes and you move on
> Yet the ripples remain
> messages from a stone now gone
> 
> A wise man follows
> seeing not only the ripples
> but the stone that lies beneath the waves
> 
> How long do you remark upon the ripples
> before you see the stone?
> http://www.mail-archive.com/mailman-users%40python.org/
> 
> <I have never had problems with shell meta-characters and Mailman -
> this too is found in the archives, should you wish to converse with
> the past>
> 
> Jon Carnes
> 

====================
Kevin W. Gagel
Network Administrator
(250) 561-5848 local 448
(250) 562-2131 local 448

--------------------------------------------------------------
The College of New Caledonia, Visit us at http://www.cnc.bc.ca
Virus scanning is done on all incoming and outgoing email.
--------------------------------------------------------------