
Re: [Nmh-workers] Bug? mhstore Will Use Same File.

2004-11-24 09:50:15
On Tue, 23 Nov 2004 20:55:04 PST, Bill Wohler said:
> In any event, quietly overwriting an existing file (especially if the
> file existed outside of the message already) should be prevented.

Also, if we're extending the functionality, we should include the following
checks:

1) Filter the pathname for .. and absolute pathnames - or possibly totally
ignore all path information and save the base filename in Mail/

2) Never automagically save a file with a name starting with '.'

(These are a security threat - I've heard of more than one person who's
gotten their machine hacked because somebody sent them an attachment
called '~/.rhosts' that contained a '+ +'.  And before you say that's an
old worn-out trick, note that on modern Unixoids if you have an sshd running
there's often fun to be had by mailing a customized file and calling it
'foo/../../../home/<victim>/.ssh/authorized-keys' or something like that.. ;)

Hmm.. maybe forcing it to ~/Mail/Files/<suggested-name-if-doesnt-exist> and
prompting the user for *anything* else?  And maybe a .mh_profile entry to
set the value of 'Files' if the user wants to rename the subdir?

Attachment: pgpebEIfiIgyq.pgp
Description: PGP signature
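
The checks proposed in the message above (drop all path information, refuse names starting with '.', never overwrite an existing file), sketched in C as an added example that is not nmh code or part of the original post. `safe_basename` and `store_attachment` are hypothetical names, the sample filenames are constructed, and a POSIX system is assumed.

```c
/* Added example, not nmh code. safe_basename() and store_attachment() are
 * hypothetical names; the sample filenames in main() are constructed. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Drop all path information from the sender's suggested name and return the
 * final component, or NULL if nothing usable is left or it starts with '.'. */
const char *safe_basename(const char *suggested)
{
    if (suggested == NULL)
        return NULL;
    const char *slash = strrchr(suggested, '/');
    const char *base = slash ? slash + 1 : suggested;
    if (base[0] == '\0' || base[0] == '.')  /* "", "dir/", "..", ".rhosts" */
        return NULL;
    return base;
}

/* Create dir/<basename> for writing. O_EXCL makes open() fail with EEXIST
 * when the name is already taken (including by a symlink), so an existing
 * file is never overwritten. Returns an fd, or -1 with errno set. */
int store_attachment(const char *dir, const char *suggested)
{
    char path[4096];
    const char *base = safe_basename(suggested);
    if (base == NULL) {
        errno = EINVAL;
        return -1;
    }
    int n = snprintf(path, sizeof path, "%s/%s", dir, base);
    if (n < 0 || (size_t)n >= sizeof path) {
        errno = ENAMETOOLONG;
        return -1;
    }
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

int main(void)
{
    const char *names[] = { "~/.rhosts", "report.txt",
        "foo/../../../home/victim/.ssh/authorized-keys" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        const char *b = safe_basename(names[i]);
        printf("%-48s -> %s\n", names[i], b ? b : "(refused, ask the user)");
    }
    return 0;
}
```

A -1 return is the point at which a caller would fall back to prompting the user, as the message suggests for anything outside the default directory.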
