
On 02/09/2016 01:26 PM, David Turner wrote:
> Hi,
> You could put the ability to change the setting on "the other side of the airtight hatchway" as Raymond Chen might say:

It's worth providing a link to this since it's hard to find the original in Google: https://blogs.msdn.microsoft.com/oldnewthing/20060508-22/?p=31283/

There's really not much you can do about this except perhaps simply require that sendmail be in the path, and even that is subject to concerns about whether the path is set up securely. It isn't really your program's problem to make sure the system it's running on is set up securely; it is neither capable of correctly and safely determining the answer to that question, nor of fixing it if it could.

Disclaimer: I actually work in computer security. This isn't an uninformed dismissal; this is an informed dismissal. :) In particular, the last line of the previous paragraph is a core part of my point. If that weren't true I might have a different opinion, but at the point where we're discussing a system that can't trust that sendmail is actually sendmail, you've already lost. The only thing you can do is ensure that changing the path really and truly requires the proper authorization and that there's no way to trick that system.
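As an added illustration of the "airtight hatchway" point made in the reply above (this is example code written for this page, not anything from the thread or any project discussed in it): the program never consults `PATH` or a `SENDMAIL` environment variable, because an unprivileged caller controls those. It accepts an alternative sendmail location only from a configuration file that could only have been written by the administrator (owned by the admin uid and not group- or world-writable), and otherwise uses a compiled-in absolute default. Anyone able to write that file already holds the authority to change the setting, so honouring it adds no new way across the hatchway. The `sendmail=<path>` file format, the `/usr/sbin/sendmail` default and the `demo()` helper are assumptions made for the example.

```python
import os
import stat
import tempfile

# Assumed compiled-in default for this example; adjust for the target system.
DEFAULT_SENDMAIL = "/usr/sbin/sendmail"


def setting_is_admin_controlled(config_path, admin_uid=0):
    """True only if the file naming the sendmail binary could have been
    written solely by the administrator: owned by admin_uid and writable
    by nobody else. The check is on who may change the setting, not on
    whether the rest of the system is configured securely."""
    try:
        st = os.stat(config_path)
    except FileNotFoundError:
        return False
    if st.st_uid != admin_uid:
        return False
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return False
    return True


def read_sendmail_setting(config_path):
    """Parse the hypothetical one-line 'sendmail=<absolute path>' format.
    Relative paths are rejected so the value can never be resolved via PATH."""
    with open(config_path, encoding="utf-8") as fh:
        for line in fh:
            line = line.strip()
            if line.startswith("sendmail="):
                value = line[len("sendmail="):].strip()
                if os.path.isabs(value):
                    return value
    return None


def resolve_sendmail(config_path, admin_uid=0):
    """Choose the sendmail binary to execute.

    PATH and SENDMAIL from the environment are deliberately ignored: an
    unprivileged caller sets those, so using them would let any local user
    redirect mail into a program of their choosing. Only an admin-controlled
    setting can override the absolute default."""
    if setting_is_admin_controlled(config_path, admin_uid):
        configured = read_sendmail_setting(config_path)
        if configured:
            return configured
    return DEFAULT_SENDMAIL


def demo():
    """Run the three interesting cases against a constructed config file.
    The current user stands in for the administrator so the demo runs
    without root. Returns (admin_owned, world_writable, missing)."""
    admin_uid = os.getuid()
    workdir = tempfile.mkdtemp()
    conf = os.path.join(workdir, "mail.conf")
    with open(conf, "w", encoding="utf-8") as fh:
        fh.write("sendmail=/opt/mail/sendmail\n")  # constructed sample setting

    os.chmod(conf, 0o644)  # admin-owned, nobody else may write: honoured
    admin_owned = resolve_sendmail(conf, admin_uid)

    os.chmod(conf, 0o666)  # world-writable: any user could change it, ignored
    world_writable = resolve_sendmail(conf, admin_uid)

    missing = resolve_sendmail(os.path.join(workdir, "absent.conf"), admin_uid)
    return admin_owned, world_writable, missing


if __name__ == "__main__":
    print(demo())
```

Note what the code does not do: it makes no attempt to verify that the binary at the chosen path "really is sendmail", because, as the reply says, a program cannot safely decide that from the inside. It only guarantees that changing the answer requires the administrator's authority.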