diff options
| author | bwarsaw | 2000-06-01 03:01:34 +0000 |
|---|---|---|
| committer | bwarsaw | 2000-06-01 03:01:34 +0000 |
| commit | 88f287bd6a61c5151b694742cc002696b99285f2 (patch) | |
| tree | 77f60d8adc739a5bd87c090cc3fc4e9154678d1b /Mailman/Handlers/Sendmail.py | |
| parent | 9bfa40f779a00f071723be26724231fbfa0521f9 (diff) | |
| download | mailman-88f287bd6a61c5151b694742cc002696b99285f2.tar.gz mailman-88f287bd6a61c5151b694742cc002696b99285f2.tar.zst mailman-88f287bd6a61c5151b694742cc002696b99285f2.zip | |
Diffstat (limited to 'Mailman/Handlers/Sendmail.py')
| -rw-r--r-- | Mailman/Handlers/Sendmail.py | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/Mailman/Handlers/Sendmail.py b/Mailman/Handlers/Sendmail.py index 6beebca9e..a417993b6 100644 --- a/Mailman/Handlers/Sendmail.py +++ b/Mailman/Handlers/Sendmail.py @@ -22,6 +22,11 @@ expected that sendmail handles final delivery, message queueing, etc. The recipient list is only trivially split so that the command line is less than about 3k in size. +SECURITY WARNING: Because this module uses os.popen(), it goes through the +shell. This module does not scan the arguments for potential exploits and so +it should be considered unsafe for production use. For performance reasons, +it's not recommended either -- use the SMTPDirect delivery module instead. + """ import string |