On Wed, Apr 26, 2023 at 02:50:47PM +0200, Raphael Hertzog wrote:
> Executing the script as default open action is IMO a very bad idea
> because what you get by email is largely to not be trusted so I would
> suggest that kitty be modified to not execute scripts in its URL
> launcher mode (or that
On Sat, May 06, 2023 at 04:07:56PM +0200, Gabriel Corona wrote:
> Hi,
>
> > In the mean time, it's probably a good idea to drop
> > "application/x-sh;application/x-shellscript" from the list of supported
> > mime type to limit the risk. (I assume that even with "text/plain" and a
> > .sh file
Hi,
In the mean time, it's probably a good idea to drop
"application/x-sh;application/x-shellscript" from the list of supported
mime type to limit the risk. (I assume that even with "text/plain" and a
.sh file extension or a shebang, kitty might still decide to execute the
script... so the
And yet having shell scripts opened in the shell is a perfectly
reasonable thing to do, for example when browsing shell scripts in your
file manager. Indeed this feature exists because it was requested by
users. It cant be the URL handling applications responsibility to
know what the user intended
Keeping the full text for Kovid's benefit.
On Wed, Apr 26, 2023 at 02:50:47PM +0200, Raphael Hertzog wrote:
> Package: kitty
> Version: 0.26.5-4
> Severity: serious
> Tags: security
> X-Debbugs-Cc: Debian Security Team
>
> Hello,
>
> I was reading
Package: kitty
Version: 0.26.5-4
Severity: serious
Tags: security
X-Debbugs-Cc: Debian Security Team
Hello,
I was reading https://lists.debian.org/20230425190728.ga1471...@subdivi.de
in mutt and that mail contains 3 shell scripts as attachments
(application/x-sh). I wanted to have a look at the
6 matches
Mail list logo