Security: Mutt and mailcap rules

Vincent Lefevre vincent at
Sun Jun 23 10:36:07 UTC 2019

On 2019-06-23 14:44:36 +1000, Cameron Simpson wrote:
> Were it a simple filename it would all be easy. Maybe a chdir(tmpdir)
> before running the shell command with a simple filename?

I'm not sure whether this is a good idea. The temporary directory
may be (and often is) world-writable, and on multi-user machines,
this increases the risk of vulnerability. For instance, some
programs may consider configuration files in the current working
directory, and/or may write/re-read files there.

Vincent Lefèvre <vincent at> - Web: <>
100% accessible validated (X)HTML - Blog: <>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

More information about the Mutt-dev mailing list