9.5. mailx and mail

mailx and mail are other popular options for sending email. Some people even argue that they are more secure than sendmail. It is true that because sendmail is such a large, complicated program, and because it runs as root, it has been the source of a number of security holes over the years. However, the notion that it is a less secure option in CGI scripts is a dubious one. One serious problem with mailx and mail is that they allow tilde escapes: any line in the body of the message beginning with ~! is executed as a command. Many versions do attempt to detect whether they are being run by a user on a terminal and disable tilde escapes otherwise, but this is a serious potential risk.

A second problem with mailx and mail is that they offer nothing comparable to sendmail's -t option. Thus, if you want to use mail, for example, you must use the fork and exec trick we described in the last chapter:

# Fork with a pipe to the child; the child execs mail directly, with no shell
open MAIL, "|-" or exec( "/bin/mail", $email ) or
    die "Cannot exec mail: $!";

Finally, mailx and mail also lack the useful options we discussed with sendmail, such as overriding the sender.
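If a script must pipe user-supplied text to mail, the tilde-escape risk described above can be removed before the body reaches the pipe. The following is an added example, not code from the original text; the subroutine names, the address check, and the sample message are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Prefix a space to any body line starting with "~" so that mail/mailx
# cannot interpret it as a tilde escape, whether or not the installed
# version disables escapes when not run from a terminal.
sub neutralize_tilde_escapes {
    my ($body) = @_;
    $body =~ s/\r\n?/\n/g;    # normalize line endings so every line start is seen
    $body =~ s/^~/ ~/mg;      # /m makes ^ match at the start of each line
    return $body;
}

sub send_with_mail {
    my ( $email, $body ) = @_;

    # Added precaution (assumption, not from the text): the address becomes
    # a command-line argument, so refuse anything mail could read as an
    # option, and anything containing whitespace or NUL.
    die "Bad address\n" if $email =~ /^-/ or $email =~ /[\s\0]/;

    # Same fork-and-exec idiom as above, with the fork failure checked
    # separately so the parent never falls through to exec.
    my $pid = open( my $mail, "|-" );
    die "Cannot fork: $!" unless defined $pid;
    unless ($pid) {
        # Child: list-form exec, so no shell ever parses $email.
        exec( "/bin/mail", $email ) or die "Cannot exec mail: $!";
    }
    print {$mail} neutralize_tilde_escapes($body);
    close $mail or warn "mail exited with status $?\n";
}

# Constructed sample input: the second line would be read as a tilde escape.
my $sample = "Thanks for your order.\n~!date\nRegards\n";
print neutralize_tilde_escapes($sample);
```

Run as is, the script only prints the neutralized sample; send_with_mail is defined but not called, so nothing is mailed.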

