Hi, I just received the new package and tried it. Thanks. It detects unacceptable MAILTO/MAILFROM, but because unacceptable values will cause an error later, issuing only a warning feels inadequate to me.
For usability, perhaps it would be better to use check_error(). Currently, warnings could be missed since the exit status with `-n` is still 0. Something like:

```c
case TRUE:
	/* here MAILTO and MAILFROM are checked */
	if (strncmp(envstr, "MAILTO=", 7) == 0 ||
	    strncmp(envstr, "MAILFROM=", 9) == 0) {
		if (!safe_p("", strstr(envstr, "=") + 1)) {
			check_error("unsafe mail");
		}
	}
	break;
```

The current safe_p() implementation may cause a syslog entry to be generated with no associated username when called here, which feels slightly wrong to me. It could be confusing to someone auditing logs to see spurious "() UNSAFE MAIL" messages when `-n` is used.

-jonathan