Sunday, February 12, 2006

Watch those old scripts

There's a popular Perl script for processing web forms into emails. It has some checks meant to keep it from being used to send spam. Except that it didn't check enough.

The Subject form field can be exploited to send a spam message: submit a subject, followed by a \n, and then the headers and body of the spam message. The script pastes the field straight into the header block of the outgoing mail, so everything after the newline becomes headers and body chosen by the attacker. This has been fixed in the current version. But the subtag field may still be used to exploit this script (maybe, I haven't tried it).
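
The injection described above, as an added example that is not the Perl script's code or a fix from its author. It is written in Python so it can be run as-is: the old script's behaviour is reproduced by interpolating form fields straight into a header string, a constructed Subject value carries a Bcc header and a spam body after the newline, and the hardened builder rejects any header-bound field containing CR or LF. The field names, addresses and message text are all made up for the demonstration.

```python
import re
from email import message_from_string

# CR or LF anywhere in a header value ends that header line and lets the
# sender start new headers (or the body) of their own choosing.
HEADER_BREAK = re.compile(r"[\r\n]")

# Constructed Subject value: a normal-looking subject, then a newline, then
# an attacker-chosen header block and body, as the post describes.
INJECTED_SUBJECT = (
    "Question about your site\n"
    "Bcc: victim1@example.com, victim2@example.com\n"
    "\n"
    "Buy now! http://spam.example/"
)


def build_mail_vulnerable(to_addr, from_addr, subject, body):
    """Old-script behaviour: form fields are interpolated straight into the
    header block, so a newline in any of them splits the headers."""
    return (
        f"To: {to_addr}\n"
        f"From: {from_addr}\n"
        f"Subject: {subject}\n"
        f"\n"
        f"{body}\n"
    )


def header_safe(value):
    """Reject a value that could terminate a header line; return it otherwise.
    Apply this to every form field that ends up in a header, not just Subject."""
    if HEADER_BREAK.search(value):
        raise ValueError("CR/LF not allowed in a header field")
    return value


def build_mail_hardened(to_addr, from_addr, subject, body):
    """Same message, but each header-bound field is checked first.
    The body is free text and may legitimately contain newlines."""
    return build_mail_vulnerable(
        header_safe(to_addr), header_safe(from_addr), header_safe(subject), body
    )


def extra_recipients(raw_mail):
    """Parse the finished message and report Bcc/Cc headers the form never
    set. A non-empty list means the injection worked."""
    msg = message_from_string(raw_mail)
    return (msg.get_all("Bcc") or []) + (msg.get_all("Cc") or [])


def subject_of(raw_mail):
    return message_from_string(raw_mail)["Subject"]


def body_of(raw_mail):
    return message_from_string(raw_mail).get_payload()


if __name__ == "__main__":
    mail = build_mail_vulnerable("webmaster@example.org", "user@example.com",
                                 INJECTED_SUBJECT, "hello")
    print("vulnerable, extra recipients:", extra_recipients(mail))
    try:
        build_mail_hardened("webmaster@example.org", "user@example.com",
                            INJECTED_SUBJECT, "hello")
    except ValueError as err:
        print("hardened:", err)
```

The same check belongs on any other field the script copies into a header, which is why the post's suspicion about the subtag field is worth following up: the bug is not specific to Subject, it is specific to string concatenation of untrusted input into the header block. A mail library that builds headers for you instead of concatenating strings will usually refuse such values; the explicit check above makes the rule visible in the script itself.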

So it pays to go over what you are posting on your web page, especially if it was written by someone else.

Backwards compatibility?

One of the great features of Unix is that the small apps that you use to build applications change very slowly, if at all, over time. ESR makes the point in "The Art of Unix Programming" that programs should maintain compatibility. Well, I guess that's no longer true. I'm trying to build some rpms for one of my projects and both tar and rpmbuild no longer work the same way they did a year ago (yep, the code is stable and I haven't built a new release in over a year).

tar has changed how strict it is about where it accepts options like --exclude. It used to handle them fine at the end of the argument list. No longer. And rpmbuild is barfing on the Copyright: entry in the .spec file, of all things.

I really, really dislike fighting with my tools. Especially on Unix, which has historically been the most stable and reliable of the OSes.