
Content Dependent Processing

Classification Key: Core Security, Elevation of Privilege


In an MTA, the body of a message should be treated as message content and nothing else. If messages can be sent to files and programs, and the files are overwritten with message content or the programs execute with message content as a parameter, then an abuser can send messages with malicious content and exploit this feature. How can a mail program be made secure so that message content cannot be used maliciously?


Treat the received content as a mail message only and do not perform any processing on it. Even when programs and files are treated as addresses, minimize the impact by executing as a less-privileged user.
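The fallback case described above (a program treated as an address), as an added example that is not code from this catalog or from qmail: the body reaches the program on stdin only, never through a shell, argv or the environment, and the child gives up root before it executes. The `|` and `/` alias prefixes, the function names, uid/gid 65534 and exit code 111 are assumptions made for the example.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <signal.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumed alias syntax (not from the page): "|/path" = program, "/path" = file.
   A strict MTA rejects both kinds and delivers to mailboxes only. */
enum target { T_MAILBOX, T_PROGRAM, T_FILE };
enum target classify(const char *addr) {
    if (addr[0] == '|') return T_PROGRAM;
    if (addr[0] == '/') return T_FILE;
    return T_MAILBOX;
}

/* Run prog with the body on stdin only: no shell, no body in argv or environment.
   Returns the program's exit status, or -1 on failure. */
int deliver_to_program(const char *prog, const char *body, uid_t uid, gid_t gid) {
    int fds[2], status;
    if (uid == 0 || pipe(fds) < 0) return -1;      /* never deliver as root */
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {
        close(fds[1]);
        if (dup2(fds[0], STDIN_FILENO) < 0) _exit(111);
        close(fds[0]);
        /* Started as root: drop groups, then gid, then uid (order matters).
           Started unprivileged: no drop is possible, prog runs as the caller. */
        if (geteuid() == 0 && (setgroups(0, NULL) || setgid(gid) || setuid(uid)))
            _exit(111);
        if (geteuid() == 0) _exit(111);             /* drop did not take effect */
        char *argv[] = { (char *)prog, NULL };      /* fixed argv, no message data */
        char *envp[] = { "PATH=/usr/bin:/bin", NULL };
        execve(prog, argv, envp);
        _exit(111);                                 /* exec failed */
    }
    close(fds[0]);
    signal(SIGPIPE, SIG_IGN);   /* a program that exits early must not kill the MTA */
    for (size_t off = 0, len = strlen(body); off < len; ) {
        ssize_t n = write(fds[1], body + off, len - off);
        if (n <= 0) break;
        off += (size_t)n;
    }
    close(fds[1]);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}
int main(void) {   /* constructed message; 65534 is an assumed unprivileged id */
    return deliver_to_program("/bin/cat", "Subject: constructed\n\nhello\n", 65534, 65534); }
```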

Known Uses

In qmail, mail cannot be sent to a program or a file; a message contains only message content.


Hafiz et al.


Mail Address, Mail Message Content


Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz