nmh-workers
[Top] [All Lists]

Re: [Nmh-workers] I need help reading the mhstore man page

2014-03-01 09:11:25
David Levine <levinedl(_at_)acm(_dot_)org> writes:
Norm wrote:

David Levine <levinedl(_at_)acm(_dot_)org> writes:
Is clobbering the only [mstore] security concern with -auto?

Wouldn't the '|' feature, combined with an mhstore-store-<type> in
.mh_profile, alllow the execution of arbitrary code?

If arbitrary means "what the user put into their profile",
yes, but we can't prevent that.  Is there a way to get
mhstore to execute arbitrarycode provided by the message?

On closer reading of the man page, I don't think so. You are right
and I was wrong.

    Norman Shapiro

_______________________________________________
Nmh-workers mailing list
Nmh-workers(_at_)nongnu(_dot_)org
https://lists.nongnu.org/mailman/listinfo/nmh-workers

<Prev in Thread] Current Thread [Next in Thread>