Re: [Nmh-workers] I need help reading the mhstore man page

Norm wrote:

David Levine <levinedl(_at_)acm(_dot_)org> writes:

Is clobbering the only [mstore] security concern with -auto?


Wouldn't the '|' feature, combined with an mhstore-store-<type> in
.mh_profile, alllow the execution of arbitrary code?


If arbitrary means "what the user put into their profile",
yes, but we can't prevent that.  Is there a way to get
mhstore to execute arbitrary code provided by the message?

Also, '|' isn't affected by -auto:  it is enabled even with -noauto.

David

_______________________________________________
Nmh-workers mailing list
Nmh-workers(_at_)nongnu(_dot_)org
https://lists.nongnu.org/mailman/listinfo/nmh-workers

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [Nmh-workers] I need help reading the mhstore man page, norm Re: [Nmh-workers] I need help reading the mhstore man page, David Levine <= Re: [Nmh-workers] I need help reading the mhstore man page, norm Re: [Nmh-workers] I need help reading the mhstore man page, Ken Hornstein Re: [Nmh-workers] I need help reading the mhstore man page, David Levine

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	[Nmh-workers] pick -list Printing 0 is Flawed Design, not a Bug., Ralph Corderoy
Next by Date:	Re: [Nmh-workers] pick -list Printing 0 is Flawed Design, not a Bug., David Levine
Previous by Thread:	Re: [Nmh-workers] I need help reading the mhstore man page, norm
Next by Thread:	Re: [Nmh-workers] I need help reading the mhstore man page, norm
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

[Nmh-workers] pick -list Printing 0 is Flawed Design, not a Bug., Ralph Corderoy

Next by Date:

Re: [Nmh-workers] pick -list Printing 0 is Flawed Design, not a Bug., David Levine

Previous by Thread:

Re: [Nmh-workers] I need help reading the mhstore man page, norm

Next by Thread:

Re: [Nmh-workers] I need help reading the mhstore man page, norm

Indexes:

[Date] [Thread] [Top] [All Lists]