Lyndon wrote:
On Oct 6, 2016, at 5:20 AM, David Levine <levinedl(_at_)acm(_dot_)org>
wrote:
The /etc/passwd or relative pathanme will be ignored, and a name of
the form message#.part#.subtype will be used instead (assuming no
profile override).
I think this is very wrong behaviour.
Filenames in the attachment meta-data are suggestions. But they can be very
valid suggestions, and shouldn't be ignored for arbitrary reasons.
I don' think they are.
But leading paths must be ignored, as security dictates.
The safest course of action is:
1) Take the basename of the suggested filename.
But I wouldn't consider the likely result with filename=/foo/bar/README
to be safest.
2) Perform an exclusive open+create of the filename.
2a) If the file exists, and we are interactive, prompt for a replacement name
(or to overwrite); else (2c)
That can be configured with -clobber ask, but that's not the default for
(decades of) historical precedent.
I don't think we should change the default here. It's easy enough for
users to override.
David
_______________________________________________
Nmh-workers mailing list
Nmh-workers(_at_)nongnu(_dot_)org
https://lists.nongnu.org/mailman/listinfo/nmh-workers