Security: Mutt and mailcap rules
vincent at vinc17.org
Sun Jun 23 10:36:07 UTC 2019
On 2019-06-23 14:44:36 +1000, Cameron Simpson wrote:
> Were it a simple filename it would all be easy. Maybe a chdir(tmpdir)
> before running the shell command with a simple filename?
I'm not sure whether this is a good idea. The temporary directory
may be (and often is) world-writable, and on multi-user machines,
this increases the risk of vulnerability. For instance, some
programs may consider configuration files in the current working
directory, and/or may write/re-read files there.
Vincent Lefèvre <vincent at vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
More information about the Mutt-dev