nmh-workers

Re: [Nmh-workers] proposed patch for shell metacharacter failure in nmh-1.7

2018-01-15 18:55:18
> for MH we should allow only metacharacters we handle explicitly, and we
> should use strsep() rather than /bin/sh to make our argument vectors,
> and we should call execve() rather than popen().

Geez, Paul, we HAD this food fight already! :-)

  http://lists.nongnu.org/archive/html/nmh-workers/2013-01/msg00147.html

(And you even contributed to that thread!)

There are two things here.  First, the function we created called argsplit(),
which we use to generate an argv[] array.  We space-split that, unless we
find a shell metacharacter; if we see one, we pass it to /bin/sh -c.  The
idea there was that this would be for things you would put in your profile,
and it wasn't hard to imagine that you might want to quote those arguments.
I didn't envision a security problem there, because you have control over
your own .mh_profile.

The SECOND thing is we now have the ability to place MIME parameters
into some of those command strings, which are from email messages,
which is where things are "interesting".  We don't normally do that in
anything we distribute, I think, but here we have a user that did.  My
proposal is to simply edit out shell metacharacters (add # and ! like
David suggested) in those strings.  That seems simple and reasonable to me.
Well, maybe replace them with an _ or something.

--Ken

-- 
Nmh-workers
https://lists.nongnu.org/mailman/listinfo/nmh-workers
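The scrubbing proposed in the message above, sketched as an added example (not nmh code and not part of the original post): each shell metacharacter in a MIME parameter value taken from a message is replaced with `_` before the value goes into a command string. The metacharacter set, the function names and the sample value are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed metacharacter set for this sketch (not copied from nmh);
 * it includes '#' and '!' as suggested in the thread. */
static const char SHELL_META[] = "$&*(){}[]'\";\\|?<>~`\n\r#!";

/* The argsplit()-style decision described above: returns 1 if the string
 * holds a metacharacter (and so would be handed to /bin/sh -c), else 0. */
int has_shell_meta(const char *s)
{
    return s[strcspn(s, SHELL_META)] != '\0';
}

/* Copy an untrusted MIME parameter value into out, replacing every shell
 * metacharacter with '_'. Returns the number of characters replaced,
 * or -1 if out cannot hold the value plus its terminator. */
int scrub_param(const char *in, char *out, size_t outlen)
{
    size_t n = strlen(in);
    int replaced = 0;

    if (n >= outlen)
        return -1;
    for (size_t i = 0; i < n; i++) {
        if (strchr(SHELL_META, in[i]) != NULL) {
            out[i] = '_';
            replaced++;
        } else {
            out[i] = in[i];
        }
    }
    out[n] = '\0';
    return replaced;
}

int main(void)
{
    const char *name = "inv#1;$HOME!.pdf";   /* constructed sample value */
    char clean[64];

    int n = scrub_param(name, clean, sizeof clean);
    printf("replaced %d -> %s (still meta: %d)\n",
           n, clean, has_shell_meta(clean));
    return 0;
}
```

Whitespace is not in the assumed set, so with the space-splitting described above a scrubbed value that contains spaces still ends up as more than one argv entry.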
