David Levine <levinedl(_at_)acm(_dot_)org> writes:
I expect that there are: anything that's relative to the MH Path
is susceptible. But again, there may be users out there who depend
on it, and moreso than $TMP.
I'm all for backwards compatibility, but in this case I'm with Lyndon:
I wouldn't even hesitate chucking this over the side.
I hate it when upgrades break my configuration. And I know
I'm not the only one :-)
I'll look into deprecating it (".." in a folder name). I don't
see a big rush to yank it, given the personal extent of nmh.
Isn't making a relative MHTMPDIR relative to MH Path just as much a
change as disallowing relative paths? Security breaches should be fixed
as soon as they are found. Document in the release notes. Exit with an
error.
--
Bill Wohler <wohler(_at_)newt(_dot_)com> aka
<Bill(_dot_)Wohler(_at_)nasa(_dot_)gov>
http://www.newt.com/wohler/
GnuPG ID:610BD9AD
_______________________________________________
Nmh-workers mailing list
Nmh-workers(_at_)nongnu(_dot_)org
https://lists.nongnu.org/mailman/listinfo/nmh-workers