On Mon, Dec 09, 2013 at 12:56:04PM -0500, Wietse Venema wrote:

> The real fix is not to process the above commands with the shell.

I would say "the one and only fix", which is not optional. You can build argument arrays for execve(2) with externally supplied data elements, but you must never build shell command lines with untrusted content. Shell-quoting the input reliably is simply too hard; avoid the shell for command execution with any remotely supplied arguments (such as in this case email addresses).

--
Viktor.