On Mon, 08. Feb 2010, 20:40:52 +0100, Marcus C. Gottwald wrote:

> I may add that there seems to be a (small, theoretical) risk
> with the way command-line arguments are treated: At least
> "--tls-fingerprint" can be given multiple times, and the value
> of the last one supersedes the value of previous ones. Since
> "Mutt" wants to add "-f <envelopefrom>", "--" can't be used to
> tell "msmtp" that only recipients' email addresses are supposed
> to follow, and there might be a chance that someone could make
> me send an email addressed to "--host=mail.badguy.com
> --tls-fingerprint=...", so that the bad guy gets a chance to
> sniff my password.
That is always a problem when '--' is not used, even if the options can only be given once. But my version of Mutt adds '--' itself: the arguments to the configured sendmail command are '-f [email protected] -- <recip1> <recip2>...'. And every program that builds a sendmail command line from untrusted input should do the same. Furthermore, mail addresses are even allowed to start with '-', so the '--' is needed to recognize these.

Martin

_______________________________________________
msmtp-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/msmtp-users
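The option-parsing hazard discussed in this thread, as an added example that is not part of the original messages and not code from msmtp or Mutt: Python's `getopt.gnu_getopt` stands in for msmtp's GNU-style option parser (the option names `-f`, `--host` and `--tls-fingerprint` are taken from the thread; treating them as an exhaustive option table is an assumption for the demo). `build_naive_argv` shows the construction Marcus worries about, where a recipient string that looks like an option is parsed as one; `build_safe_argv` shows the construction Martin describes, with `--` terminating option processing so that everything after it, including an address that merely starts with `-`, is a recipient. The recipient strings are constructed sample data.

```python
"""Demonstrate why a sendmail-style argv must use '--' before recipients.

Added example, not msmtp's or Mutt's own code. getopt.gnu_getopt is used
as a stand-in for the mail program's option parser.
"""
import getopt

# Stand-in option table (assumed for the demo): -f, --host and
# --tls-fingerprint each take a value, exactly like the names in the thread.
SHORT_OPTS = "f:"
LONG_OPTS = ["host=", "tls-fingerprint="]


def parse_like_msmtp(argv):
    """Parse argv GNU-getopt style; return (options_dict, recipients).

    A bare '--' ends option processing: everything after it is returned as a
    positional argument even if it begins with '-'. An unknown option such as
    the '-d' in '-dash.user@example.org' is reported under the 'error' key.
    """
    try:
        opts, rest = getopt.gnu_getopt(argv, SHORT_OPTS, LONG_OPTS)
    except getopt.GetoptError as exc:
        return {"error": str(exc)}, []
    return dict(opts), rest


def build_naive_argv(envelope_from, recipients):
    """Unsafe construction: '-f <from>' followed directly by the recipients."""
    return ["-f", envelope_from] + list(recipients)


def build_safe_argv(envelope_from, recipients):
    """Construction Martin describes: '-f <from> -- <recip1> <recip2>...'.

    The '--' makes option-lookalike recipients harmless to the parser. A
    minimal sanity check rejects empty strings and whitespace/NUL, which no
    single command-line argument should carry.
    """
    for recipient in recipients:
        if not recipient or "\0" in recipient or any(c.isspace() for c in recipient):
            raise ValueError("invalid recipient: %r" % (recipient,))
    return ["-f", envelope_from, "--"] + list(recipients)


# Constructed sample input: two "recipients" crafted to look like options
# (the fingerprint value is a placeholder) and one legitimate-looking address
# that simply starts with '-'.
OPTION_LOOKALIKES = [
    "--host=mail.badguy.example",
    "--tls-fingerprint=0000000000000000000000000000000000000000",
]
DASH_ADDRESS = "-dash.user@example.org"
SENDER = "me@example.org"


def compare():
    """Return the parser's view of the naive and the safe argv for each sample."""
    return {
        "naive_lookalikes": parse_like_msmtp(build_naive_argv(SENDER, OPTION_LOOKALIKES)),
        "safe_lookalikes": parse_like_msmtp(build_safe_argv(SENDER, OPTION_LOOKALIKES)),
        "naive_dash": parse_like_msmtp(build_naive_argv(SENDER, [DASH_ADDRESS])),
        "safe_dash": parse_like_msmtp(build_safe_argv(SENDER, [DASH_ADDRESS])),
    }


if __name__ == "__main__":
    for name, (opts, rcpts) in compare().items():
        print("%-16s options=%s recipients=%s" % (name, opts, rcpts))
```

In the naive case the parser sees `--host` and `--tls-fingerprint` as options and no recipients at all, which is precisely the redirection Marcus describes; with `--` in place the same strings come back as recipients and the only option in effect is `-f`. The `-dash.user@example.org` case shows Martin's second point: without `--` the parser treats it as an unknown `-d` option and fails, with `--` it is accepted as an address.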
