Security: Mutt and mailcap rules

Cameron Simpson cs at
Sun Jun 23 04:44:36 UTC 2019

On 22Jun2019 20:29, Kevin J. McCarthy <kevin at> wrote:
>On Sun, Jun 23, 2019 at 08:55:38AM +1000, Cameron Simpson wrote:
>>I'm happy to try to make some time to understand the mutt code and 
>>suggest a patch if there's agreement about this.
>By the way, please don't mistake our initial pushback against your 
>ideas today for pushback against *you* working towards contributing.  
>I would be delighted if you want to poke around the code and suggest 
>some patches.  Feel free, even, to prove me wrong about the quoting 
>idea; perhaps there is something inbetween worth considering.

Your point about $tmpdir being an arbitrary path which needs to work is 
telling, and I hadn't realised its implications. Needs thought.

Were it a simple filename it would all be easy. Maybe a chdir(tmpdir) 
before running the shell command with a simple filename?

Anyway, I'll think about ways to make this kind of thing robust.

Cameron Simpson <cs at>

More information about the Mutt-dev mailing list