You wrote:
> >Make some kind of generic function that will check the incoming
> >string. Allow NO Unix shell-characters ; : & > < and you will be
> >fine.
>
> This is not a good approach to programming a secure environment.
> You should decide what consists of a valid set of characters and
> allow only characters from that set, rather than deciding which
> characters aren't allowed. It's much safer building from the empty
> set, than removing from a full set. Just check that each character
> is in the set { [a-zA-Z][0-9].@_ } (and maybe a couple other
> characters). Fork/exec will also improve safety by bypassing
> shells.

In my opinion fork is no option in MUDs; it may severely lag the host by
duplicating the whole memory image of the MUD (probably including
swapped-out pages) if it's not a copy-on-write OS.

There is another option, however: use sendmail.
Make an ASCII email file with some mail headers (To: ...).
Then call in your program
    system("sendmail < Myfile.txt &");
That's all and safe.

Cat.

+-----------------------------------------------------------+
| Ensure that you have read the CircleMUD Mailing List FAQ: |
|  http://cspo.queensu.ca/~fletcher/Circle/list_faq.html    |
+-----------------------------------------------------------+
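An added example, not part of the original post or of CircleMUD's code: it combines the allowlist check from the quoted advice with the mail-file approach described above, so player input only ever reaches a file and the shell command stays a constant. The names `addr_is_allowed`, `write_mail_file` and `mudmail.txt`, the `/usr/sbin/sendmail` path, the `-t -i` options and the fixed Subject line are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAIL_FILE "mudmail.txt"   /* hypothetical fixed spool file name */
/* Constant command line: no player-supplied byte is ever seen by the shell.
 * -t takes recipients from the headers, -i stops a lone "." ending the mail. */
#define SEND_CMD "/usr/sbin/sendmail -t -i < " MAIL_FILE " &"

/* Allowlist from the quoted advice: [a-zA-Z][0-9] . @ _ */
static const char ALLOWED[] =
    "abcdefghijklmnopqrstuvwxyz"
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "0123456789.@_";

/* 1 if every byte is in ALLOWED; the length cap and the single-'@' check
 * are extras of this example. Newlines fail, so no extra header can be added. */
int addr_is_allowed(const char *addr)
{
    size_t len = strlen(addr);
    if (len == 0 || len > 254 || strspn(addr, ALLOWED) != len)
        return 0;
    const char *at = strchr(addr, '@');
    return at != NULL && at != addr && at[1] != '\0'
        && strchr(at + 1, '@') == NULL;
}

/* Writes To: header, blank line, body. Returns 0 on success, -1 if the
 * recipient is rejected or the file cannot be written. */
int write_mail_file(const char *path, const char *to, const char *body)
{
    if (!addr_is_allowed(to))
        return -1;
    FILE *fp = fopen(path, "w");
    if (fp == NULL)
        return -1;
    int ok = fprintf(fp, "To: %s\nSubject: MUD mail\n\n%s\n", to, body) > 0;
    return (fclose(fp) == 0 && ok) ? 0 : -1;
}

int main(void)
{
    if (write_mail_file(MAIL_FILE, "player_1@example.com", "Hello.") != 0)
        return 1;
    return system(SEND_CMD) == 0 ? 0 : 1;
}
```

The message body is not filtered here because it is written after the blank line that ends the headers and is never passed on a command line.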
This archive was generated by hypermail 2b30 : 12/18/00 PST