On Tue, 23 Nov 2004 20:55:04 PST, Bill Wohler said: > In any event, quietly overwriting an existing file (especially if the > file existed outside of the message already) should be prevented.
Also, if we're extending the functionality, we should include the following checks: 1) Filter the pathname for .. and absolute pathnames - or possibly totally ignore all path information and save the base filename in Mail/ 2) Never automagically save a file with a name starting with '.' (These are a security threat - I've heard of more than one person who's gotten their machine hacked because somebody sent them an attachment called '~/.rhosts' that contained a '+ +'. And before you say that's an old worn-out trick, note that on modern Unixoids if you have an sshd running there's often fun to be had by mailing a customized file and calling it 'foo/../../../home/<victim>/.ssh/authorized-keys' or something like that.. ;) Hmm.. maybe forcing it to ~/Mail/Files/<suggested-name-if-doesnt-exist> and prompting the user for *anything* else? And maybe a .mh_profile entry to set the value of 'Files' if the user wants to rename the subdir?
pgpLlb4AcAsIe.pgp
Description: PGP signature
_______________________________________________ Nmh-workers mailing list [EMAIL PROTECTED] http://lists.nongnu.org/mailman/listinfo/nmh-workers
