Security: Mutt and mailcap rules
cs at cskk.id.au
Sun Jun 23 04:44:36 UTC 2019
On 22Jun2019 20:29, Kevin J. McCarthy <kevin at 8t8.us> wrote:
>On Sun, Jun 23, 2019 at 08:55:38AM +1000, Cameron Simpson wrote:
>>I'm happy to try to make some time to understand the mutt code and
>>suggest a patch if there's agreement about this.
>By the way, please don't mistake our initial pushback against your
>ideas today for pushback against *you* working towards contributing.
>I would be delighted if you want to poke around the code and suggest
>some patches. Feel free, even, to prove me wrong about the quoting
>idea; perhaps there is something inbetween worth considering.
Your point about $tmpdir being an arbitrary path which needs to work is
telling, and I hadn't realised its implications. Needs thought.
Were it a simple filename it would all be easy. Maybe a chdir(tmpdir)
before running the shell command with a simple filename?
Anyway, I'll think about ways to make this kind of thing robust.
Cameron Simpson <cs at cskk.id.au>
More information about the Mutt-dev