But my underlying concern with allowing a relative mhpath surrounds
taking advantage of $HOME leakage/confusion in the event you managed
to get something to call an MH command with elevated privileges.
I.e. $HOME != getpwuid(geteuid())->pw_dir. With absolute paths,
this is never an issue.
Note that nmh already checks to see if a setuid or setgid
had succeeded, and in that case won't use the environment
variables (and instead will just put tmp files in the MH
Path directory):
/* Ignore envvars if we are setuid */
if ((getuid()==geteuid()) && (getgid()==getegid())) {
/* use first non-null of MHTMPDIR, TMPDIR, or TMP */
...
}
If it is .. or .., or starts with ./ or
../, then it's relative to the current working directory.
(Off-this-topic experiment: my first message with that text
got incorrectly converted to 8-bit. I'll run this through
mhbuild to show that the C-T header prevents that.)
David
_______________________________________________
Nmh-workers mailing list
Nmh-workers@nongnu.org
https://lists.nongnu.org/mailman/listinfo/nmh-workers