> Content-Transfer-Encoding: BASE64 ... > Content-Description: Patch for external support of mail program > Content-Disposition: ATTACHMENT; FILENAME="mail.patch"
This patch looks like a security hole to me. You seem to be inserting uncontrolled text into a shell command using an interface that has no meta-character protection (you are relying on < going through OK). You also appear to have an unchecked buffer, sprintf is generally considered a likely cause of a security breach, these days. Probably more than half the Microsoft critical updates recently have been to fix unchecked buffers. Some other points: - most Unix email programs given a file on standard input are unable to read the console, so can only send it non-interactively; - Pine appears to have made an inappropriate choice of MIME encoding for this email; is it really that good a mailer? (Also, I believe References in email should exclude the In-Reply-To article.) ; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to [EMAIL PROTECTED]
