On 24.01.2007 16:09, Petr Janda wrote:
> I'm trying to figure out something. If I had Postfix execute a Ruby
> script that says
> 
> Kernel.exec "/usr/sbin/sendmail -i -f #{@sender} -- #{@recipient}"
> 
> would this be a huge security risk? To me it seems so because if you had
> a specially crafted email address you could execute a different command.
> How to protect against it?

As always with input parameters: verify them.  Make sure those variables 
contain what you expect / want to allow them to.

Kind regards

	robert
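
An added example, not part of the original thread: one way to apply the "verify them" advice to the quoted `Kernel.exec` call, combined with the multi-argument form of `exec`, which bypasses the shell. The allow-list pattern and the names `ADDRESS_RE`, `valid_address?`, `sendmail_argv`, `deliver` and `rejected` are assumptions made for illustration.

```ruby
# Added example: validate both envelope addresses, then build an argv array
# so that no shell ever parses them. All names here are hypothetical.

# Conservative allow-list (an assumption, deliberately stricter than RFC 5321).
# \A and \z anchor the whole string, so an embedded newline cannot slip past.
# The first character must be alphanumeric, so a value cannot look like an option.
# The null sender used for bounces is not handled here.
ADDRESS_RE = /\A[A-Za-z0-9][A-Za-z0-9._+=-]{0,63}@[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?\z/

SENDMAIL = "/usr/sbin/sendmail"

def valid_address?(addr)
  addr.is_a?(String) && addr.length <= 254 && ADDRESS_RE.match?(addr)
end

# Returns the argument vector for sendmail, or raises ArgumentError.
def sendmail_argv(sender, recipient)
  [sender, recipient].each do |addr|
    raise ArgumentError, "rejected address: #{addr.inspect}" unless valid_address?(addr)
  end
  [SENDMAIL, "-i", "-f", sender, "--", recipient]
end

# Replaces the current process with sendmail. With several arguments Ruby
# runs the program directly, so ';', '$(...)' or backticks are never
# interpreted even if validation were ever loosened.
def deliver(sender, recipient)
  Kernel.exec(*sendmail_argv(sender, recipient))
end

# Constructed sample inputs (not taken from any real mail log).
SAMPLES = [
  "bob@example.net",
  "a.b+tag@mail.example.com",
  "bob@example.net; touch /tmp/marker",  # shell metacharacters
  "$(id)@example.org",                   # command substitution syntax
  "-oQ/tmp@example.org",                 # would read as an option
  "bob@example.net\n"                    # trailing newline
].freeze

# Returns the samples the validator refuses.
def rejected(samples)
  samples.reject { |s| valid_address?(s) }
end
```

Validation and the argv form are independent layers: the first limits what reaches sendmail, the second removes the shell from the path entirely.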