The F Command—File Form

The file form of the F configuration command (The F Class Command on page 857) can be used to read sensitive information. That command looks like this in the configuration file:

FX/path pat

This form is used to read class macro entries from files. It can cause problems through a misunderstanding of the scanf(3) pattern pat. The /path is the name of the file, and the optional pat is a pattern to be used by scanf(3) (scanf(3) variations on page 858).

To illustrate the risk of the pat, consider the following configuration file entry:

Fw/etc/myhostnames %[^#]

Normally, the F command reads only the first whitespace-delimited word from each line of the file. But if the optional pattern pat is specified, the F command instead reads one or more words from each line based on the nature of the pattern. The pattern is used by scanf(3) to extract words, and the specific pattern used here, %[^#], causes scanf(3) to read everything up to the first comment character (the #) from each line. This pat allows multiple hostnames to be conveniently listed on each line of the file.

Now assume that a new administrator, who is not very familiar with sendmail, decides to add an F command to gather a list of UUCP hosts from the /etc/uucp/Systems file. Being a novice, the new administrator copies the existing entry for use with the new file:

FU/etc/uucp/Systems %[^#]

This is the same pattern that was correctly used for /etc/myhostnames. Unfortunately, the Systems file contains more than just ...
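
The difference between the default behavior and the %[^#] pattern can be reproduced with sscanf(3) directly. The following C program is an added example, not code from the book or from sendmail; the function names and both sample lines are constructed, and the Systems-style line uses placeholder fields rather than real file contents.

```c
/* Added illustration (not sendmail source): what each form extracts. */
#include <stdio.h>
#include <string.h>

#define MAXLINE 256

/* Default behavior described above: only the first whitespace-delimited
 * word of the line is taken. Returns the number of words taken (0 or 1). */
static int words_default(const char *line, char *out, size_t outlen)
{
    char buf[MAXLINE];
    out[0] = '\0';
    if (sscanf(line, "%255s", buf) != 1)
        return 0;
    snprintf(out, outlen, "%s", buf);
    return 1;
}

/* With pat = %[^#]: everything up to the first '#' is taken, and every
 * whitespace-delimited word in that text counts as a class entry.
 * The 255 width is added here so the scan cannot overrun buf. */
static int words_up_to_comment(const char *line, char *out, size_t outlen)
{
    char buf[MAXLINE], *tok;
    int n = 0;
    out[0] = '\0';
    if (sscanf(line, "%255[^#]", buf) != 1)
        return 0;               /* line starts with '#': nothing taken */
    for (tok = strtok(buf, " \t\n"); tok; tok = strtok(NULL, " \t\n")) {
        if (n++ > 0)
            strncat(out, " ", outlen - strlen(out) - 1);
        strncat(out, tok, outlen - strlen(out) - 1);
    }
    return n;
}

int main(void)
{
    /* Constructed sample lines; field2..field5 are placeholders. */
    const char *lines[] = {
        "hostA hostB hostC   # names for this machine\n",
        "uuhost field2 field3 field4 field5\n",
    };
    char a[MAXLINE], b[MAXLINE];
    for (size_t i = 0; i < 2; i++) {
        int d = words_default(lines[i], a, sizeof a);
        int p = words_up_to_comment(lines[i], b, sizeof b);
        printf("default: %d [%s]\n%%[^#]:   %d [%s]\n", d, a, p, b);
    }
    return 0;
}
```

Every word the pattern lets through becomes a member of the class, so a pattern copied from one F entry should be checked against the line layout of the new file before it is reused.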
