1.2 on page 857) can be used to
read sensitive information. That command looks like this in the configuration file:
FX/path pat
This form is used to read class macro entries from files. It can cause problems
through a misunderstanding of the scanf(3) pattern pat. Th e/path is the name of the
file, and the optional pat is a pattern to be used by scanf(3) (?§22.1.2.1 on page 858).
To illustrate the risk of the pat, consider the following configuration file entry:
Fw/etc/myhostnames %[^#]
Normally, the F command reads only the first whitespace-delimited word from each
line of the file. But if the optional pattern pat is specified, the F command instead
reads one or more words from each line based on the nature of the pattern. The pattern
is used by scanf(3) to extract words, and the specific pattern used here, [^#],
causes scanf(3) to read everything up to the first comment character (the #) from
This is the Title of the Book, eMatter Edition
Copyright ?© 2007 O??™Reilly & Associates, Inc. All rights reserved.
4.4 The Configuration File | 161
eachline. This pat allows multiple hostnames to be conveniently listed on each line
of the file. Now assume that a new administrator, who is not very familiar with sendmail,
decides to add an F command to gather a list of UUCP hosts from the /etc/uucp/
Systems file. Being a novice, the new administrator copies the existing entry for use
with the new file:
FU/etc/uucp/Systems %[^#]
This is the same pattern that was correctly used for /etc/myhostnames.
Pages:
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313