Re: [exim-dev] [Bug 1604] string-expansion method for readin…

Góra strony
Delete this message
Reply to this message
Autor: Jasen Betts
Data:  
Dla: exim-dev
Temat: Re: [exim-dev] [Bug 1604] string-expansion method for reading environment variable
On 2015-05-17, admin@??? <admin@???> wrote:
> https://bugs.exim.org/show_bug.cgi?id=1604
>
> --- Comment #1 from Jeremy Harris <jgh146exb@???> ---
> Is there a security implication, as a setuid program trusting environment info
> set up by its callers?


No more than trusting command-line arguments, or input (eg email
headers), provided by the callers.

--
umop apisdn