Back to Security Pattern Catalog




Content Dependent Processing


Classification Key : Core Security, Elevation of Privilege

Problem

In an MTA, the body of a message should not be used for any other purposes. If messages can be sent to files and programs, and the files are overwritten by message content or the programs execute with message content as parameter, then an abuser can send messages with malicious content to utilize this feature for his benefit. How can a mail program be made secure so that the message content cannot be used maliciously?

Solution

Treat the received contents as mail message only and do not perform any processing on them. Even when treating programs and files as addresses, minimize the impact by using less-privileged user to execute.

Known Uses

In qmail, a mail cannot be sent to a program or a file, it only contains message content.

Source

Hafiz et. al.

Tags

Mail Address, Mail Message Content


 

Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz