author Eric S. Raymond <esr@thyrsus.com> 1998-02-15 05:34:22 +0000
committer Eric S. Raymond <esr@thyrsus.com> 1998-02-15 05:34:22 +0000
commit 7768660f871adb19e15c78b85c0b5b66aa537e20 (patch)
tree 032b49c98ae8e0d646427ccd6bd15493029eb73d
parent 2aa3c11b14c9b0b91ae720b0f1cb7b88f5a0f55d (diff)
%F/%T warning.
svn path=/trunk/; revision=1626
-rw-r--r-- fetchmail.man 8
1 files changed, 8 insertions, 0 deletions
diff --git a/fetchmail.man b/fetchmail.man
index 885e52df..13985684 100644
--- a/fetchmail.man
+++ b/fetchmail.man
@@ -1517,6 +1517,14 @@ snooping is still possible if (a) either host has a network device
that can be opened in promiscuous mode, or (b) the intervening network
link can be tapped.
.PP
+Use of the %F or %T escapes in an mda option could open a security
+hole, because they pass text manipulable by an attacker to a shell
+command. The hole is reduced by the fact that fetchmail temporarily
+discards any suid privileges it may have while running the MDA. To
+avoid potential problems, (1) enclose the %F and %T options in single
+quotes, (2) never use an mda command containing %F or %T when
+fetchmail is run from the root account itself.
+.PP
Send comments, bug reports, gripes, and the like to Eric S. Raymond
<esr@thyrsus.com>. An HTML FAQ is available at the fetchmail home
page; surf to http://www.ccil.org/~esr/fetchmail or do a WWW search
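Review bot: the advice in the added paragraph to "enclose the %F and %T options in single quotes" is only a complete mitigation if fetchmail guarantees that the expanded header text can never itself contain a single quote; since the same paragraph says the text is "manipulable by an attacker", the man page should state what fetchmail does with quote characters in the expansion (strips them, rejects the message, or nothing), or else advise that %F/%T not be passed through a shell at all. Two smaller points on the same lines: "(1) enclose ... , (2) never use" reads as a run-on and wants "and" before "(2)"; and "discards any suid privileges" would be clearer as "drops any setuid privileges", matching the terminology used elsewhere in the page.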