Re: send email module

The solution is not to remove -T, but to fix $ENV{PATH} (and possibly others) before using system, exec, etc (which the sendmail modules use to call sendmail).

From perldiag:

Insecure $ENV{%s} while running %s
        (F) You can't use system(), exec(), or a piped open in a setuid or
        setgid script if any of $ENV{PATH}, $ENV{IFS}, $ENV{CDPATH},
        $ENV{ENV}, $ENV{BASH_ENV} or $ENV{TERM} are derived from data
        supplied (or potentially supplied) by the user. The script must set
        the path to a known value, using trustworthy data. See perlsec.

Comment on Re: send email module Select or Download Code

Replies are listed 'Best First'.
Re^2: send email module by bigup401 (Pilgrim) on Aug 28, 2020 at 21:07 UTC
how can you do that while your running on shared server with restrictions and limited privileges on server so all send mail modules use -t to call send mail option	[reply]
Re^3: send email module by gnosti (Chaplain) on Aug 28, 2020 at 21:18 UTC
How about this: `PATH={trustworthy:path} sendmail_script <ARGS>` [download]	[reply] [d/l]
Re^4: send email module by bigup401 (Pilgrim) on Aug 28, 2020 at 21:54 UTC
thanks, i solved my problem with this `$ENV{'PATH'} = '/usr/sbin/sendmail';` [download] tho i never thought that all mail modules use -t command for mail sending, thats why i asked if there any module which dont use -t command for mail sending	[reply] [d/l]
Re^5: send email module by jcb (Parson) on Aug 28, 2020 at 23:50 UTC