mailx and mail are other popular options for sending email. Some people even argue that they are more secure than sendmail. It is true that because sendmail is such a large, complicated program, and because it runs as root, it has been the source of a number of security holes over the years. However, the notion that it is a less secure option in CGI scripts is a dubious one. One serious problem with mailx and mail is that they allow tilde escapes: any line in the body of the message beginning with ~! is executed as a command. Many versions do attempt to detect whether they are being run by a user on a terminal and disable tilde escapes otherwise, but this is a serious potential risk.
A second problem with mailx and mail is that they offer nothing comparable to sendmail 's -t option. Thus, if you want to use mail, for example, you must use the fork and exec trick we described in the last chapter:
open MAIL "|-" or exec( "/bin/mail", $email ) or die "Cannot exec mail $!";
Finally, mailx and mail also lack the useful options we discussed with sendmail, such as overriding the sender.
Copyright © 2001 O'Reilly & Associates. All rights reserved.
This HTML Help has been published using the chm2web software. |