From owner-cvs-all  Sun Nov 25  7:14:44 2001
Delivered-To: cvs-all@freebsd.org
Received: from gw.nectar.com (gw.nectar.com [208.42.49.153])
	by hub.freebsd.org (Postfix) with ESMTP
	id AF92937B419; Sun, 25 Nov 2001 07:14:38 -0800 (PST)
Received: from shade.nectar.com (shade.nectar.com [10.0.1.110])
	by gw.nectar.com (Postfix) with ESMTP
	id CBC6C5A; Sun, 25 Nov 2001 09:14:36 -0600 (CST)
Received: (from nectar@localhost)
	by shade.nectar.com (8.11.6/8.11.6) id fAPFEYx00702;
	Sun, 25 Nov 2001 09:14:34 -0600 (CST)
	(envelope-from nectar)
Date: Sun, 25 Nov 2001 09:14:33 -0600
From: "Jacques A. Vidrine" <n@nectar.com>
To: Maxim Sobolev <sobomax@FreeBSD.org>
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: projects/mfcns/handler MFCns_handler.py
Message-ID: <20011125151432.GA630@shade.nectar.com>
Mail-Followup-To: "Jacques A. Vidrine" <n@nectar.com>,
	Maxim Sobolev <sobomax@FreeBSD.org>, cvs-committers@FreeBSD.org,
	cvs-all@FreeBSD.org
References: <200111250003.fAP03ZQ19248@freefall.freebsd.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200111250003.fAP03ZQ19248@freefall.freebsd.org>
User-Agent: Mutt/1.3.23.1i
X-Url: http://www.nectar.com/
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

On Sat, Nov 24, 2001 at 04:03:35PM -0800, Maxim Sobolev wrote:
> sobomax     2001/11/24 16:03:35 PST
> 
>   Modified files:
>     mfcns/handler        MFCns_handler.py 
>   Log:
>   Be more strict about what's allowed as a mail address to which notification
>   is to be sent. Particularly, disallow any of the shell meta-characters,
>   because this address is then passed to a system(3)-like routite, which
>   potentially may be eploited to execute arbitrary commands on a system at
>   which service is running.
>   
>   Revision  Changes    Path
>   1.11      +6 -0      projects/mfcns/handler/MFCns_handler.py

Not that  it probably matters  much here, but this  is a pet  peeve of
mine:  when  applications  disallow perfectly  valid  email  addresses
because the  author for whatever  reason doesn't properly  handle some
characters.  This most  often bites me whenever I use  an address such
as <n+some-spam-tracking-id@nectar.com>.   Often the `+'  confuses the
script or is bounced outright.

The following characters are all valid  for the local part of an email
address: [a-zA-Z0-9!#$%&'*+/=?^_`{|}~.-].  See RFC 822 (or 2822).

Cheers,
-- 
Jacques A. Vidrine <n@nectar.com>                   http://www.nectar.com/
NTT/Verio SME           .      FreeBSD UNIX      .        Heimdal Kerberos
jvidrine@verio.net      .   nectar@FreeBSD.org   .           nectar@kth.se

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message