Ticket 151 - strip leading '-' for mailcap sanitize

Kevin J. McCarthy kevin at 8t8.us
Fri Jun 21 21:09:53 UTC 2019


On Fri, Jun 21, 2019 at 03:43:57PM -0500, Derek Martin wrote:
>But regardless, it does beg the question whether, after about 25 years 
>of no one bringing it up, we really need to consider making a change 
>here. I'm not necessarily opposed but as you know, I generally favor a 
>policy of "make changes conservatively, measuring the utility of the 
>change against the risk of chainging things."

I'm poking around the code right now, and I've already found an argument 
against replacing *all* "-" with "_".  The same function is also used 
for the output of %{} (e.g. %{charset}), and %t (content type).  Both of 
these can have "-" in them.

The issue, though, is that the filename isn't always under the user's 
control.  It has been a very long time without issue, but is there a 
possibility of program argument abuse that could lead to a security 
issue here?

-- 
Kevin J. McCarthy
GPG Fingerprint: 8975 A9B3 3AA3 7910 385C  5308 ADEF 7684 8031 6BDA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.mutt.org/pipermail/mutt-dev/attachments/20190621/7c562807/attachment.asc>


More information about the Mutt-dev mailing list