Autor: Phil Pennock Data: Dla: exim-users Temat: Re: [exim] Too Many Arguments
On 2007-12-05 at 16:41 -0800, Marc Perkel wrote: > I guess one thing I don't understand is why Exim is counting the
> parameters and not just passing the string as is.
Because that's how security holes happen. What if one of those strings
contained `cmd` substitution? etc etc.
Exim breaks up to separate parameters and passes each data item in via
argv directly, so that there's no shell in the way unless you set
use_shell; it also refuses to provide that interface for ${run}.
> Also, one of the things I'm doing is passing what is essentially
> comments on the command line that go into a log file. Usually these
> strings are reasonable sizes but sometimes they can get pretty long.
> Anyhow - I think there is a bug because this error isn't exactly graceful.
Yes it is. It produces an error message explaining exactly what was
wrong.
Memo to self: put 30000 PTR records on an IP in DNS and send email to
Marc from that IP.