Thinking more about this, wouldn't invoking /bin/bash actually increase
the attack potential, by allowing for backticks and $() to execute via
user-supplied data?
Also, it's not clear to me that ${quote} escapes backticks or $().
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2056372
Title:
Enabling SPF checks with CHECK_RCPT_SPF doesn't work
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/exim4/+bug/2056372/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
