[web-devel] path to sendmail

[Jeremy Shaw]

Hello,

I have a web application which needs to send mail using sendmail.

However, the way the system is configured, sendmail is not in the web
server's $PATH.

There are two fixes for this -- change the init script so that sendmail is
in the $PATH -- or modify the web server so that the admin can set the path
to sendmail via the control panel.

At first the second option sounds good. But I wonder about the security
implications. If someone manages to get the password for the admin control
panel -- they could change the path to sendmail to something else -- like
`vim` or `gcc` and then somehow craft a message that would place a backdoor
on the system.

Now, given that the input to the message is going to be a mime message that
sounds pretty difficult. But, then again, in December tons of Joomla sites
were open to an exploit where a malformed user-agent header allowed hackers
to execute arbitrary code.

Although in this case I care about sendmail, this is clearly an issue for
any web application that depends on external binaries like pandoc, etc.

In my use case, I am dealing with a CMS and I assume the poor user doesn't
know anything about Haskell, init scripts, ssh, etc. So, allowing the
location to be changed via the admin panel makes things easier because it
can be adapted to any distribution. (Clearly, I would start by checking the
most common locations, but provide an escape hatch for oddballs).

But I don't like the idea of providing a potential attack vector.

Any thoughts ?

- jeremy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.haskell.org/pipermail/web-devel/attachments/20160209/d3a6cd51/attachment.html>