And if your regex engine has vulns? ;)

On 10 July 2015 22:41:23 GMT+01:00, grarpamp <[email protected]> wrote:
>On Fri, Jul 10, 2015 at 4:11 AM, Georgi Guninski
><[email protected]> wrote:
>> On Fri, Jul 10, 2015 at 12:17:57AM -0700, Seth wrote:
>>> On Fri, 10 Jul 2015 00:00:20 -0700, Tom <[email protected]> wrote:
>>>
>>> >http://ptrace.fefe.de/fpalm30c3.jpg
>>>
>>> I actually appreciate content posted in message, get tired of having
>>> to fire up a browser for links. Also every click on a browser link
>>> is a potential attack whereas plain-text in an email is not.
>>
>> Are you sure plain-text email is not potential attack?
>>
>> There have been many bugs in text mail clients.
>>
>> IIRC shell shock affected qmail local delivery (and maybe
>> procmail).
>
>Affection is possible...
>http://www.gossamer-threads.com/lists/qmail/users/138578
>
>Moral: Validate input and pipelines. Even if only a silly regex sanity
>filter on instruction metadata (email addresses), ie: [A-Za-z0-9._@+-] mod utf-8
>Security is not being liberal in what you accept.

-- Sent from my Android device with K-9 Mail. Please excuse my brevity.
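
The allowlist filter suggested in the quoted message, as an added example that is not part of the thread: a POSIX shell check of an envelope address against the class `[A-Za-z0-9._@+-]`, using the shell's built-in `case` pattern matching rather than a regex engine. The helper name `valid_envelope_addr`, the 254-byte cap, the one-`@` rule, the rejection of non-ASCII bytes and the sample addresses are assumptions made for the example.

```shell
#!/bin/sh
# Added example: allowlist check for an envelope address before it is
# handed to a delivery pipeline. valid_envelope_addr is a hypothetical name.

# The body runs in a subshell so the locale change does not leak out.
valid_envelope_addr() (
    # C locale: A-Z, a-z and 0-9 are byte ranges, not collation ranges.
    LC_ALL=C
    addr=$1
    # Reject empty input and anything over an assumed 254-byte cap.
    [ -n "$addr" ] || exit 1
    [ "${#addr}" -le 254 ] || exit 1
    case $addr in
        # Any byte outside the allowlist fails: spaces, newlines, quotes,
        # parentheses, braces, semicolons and non-ASCII bytes included.
        *[!A-Za-z0-9._@+-]*) exit 1 ;;
        # More than one '@' is ambiguous, so refuse rather than guess.
        *@*@*) exit 1 ;;
        # Exactly one '@' with a non-empty local part and domain.
        ?*@?*) exit 0 ;;
        # No '@', or an empty side.
        *) exit 1 ;;
    esac
)

# Constructed sample addresses (not taken from the thread).
for a in 'user+tag@example.org' \
         'first.last@mail.example.org' \
         'a b@example.org' \
         'x(){ :;};y@example.org' \
         'user@@example.org' \
         '@example.org'
do
    if valid_envelope_addr "$a"; then
        printf 'accept  %s\n' "$a"
    else
        printf 'reject  %s\n' "$a"
    fi
done
```

The filter fails closed: an address it does not recognise is refused, so the caller should bounce or defer the message rather than pass the raw value on in an environment variable or command line.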
