> >In general, I don't think the question is easy to answer. > >What if an attacker, or mistake, moves the divider > >between the display name and angle address? And it's > >even more complicated because an "address" can be an nmh > >alias.
> I am trying to envision this attack you describe, and I am > having a hard time. There's a difference between "having a hard time" and "knowing that it cannot possibly happen". You may be right, but I'd like to see a stronger statement. If there's some doubt, then I don't think it's worth the risk. This shouldn't occur often, and I don't see any problem with letting the user deal with it. > Secondly ... I am actually skeptical that this could even be > considered an attack vector. Assuming no buffer overflows, > what, exactly, would an attacker be trying to accomplish? I don't see what buffer overflows have to do with anything here, not all attacks require them. And motivations are of no concern to me: if it can happen and it's undesired behavior, we've done something wrong. Even if it can happen by mistake. And if it can happen by mistake, it can happen with intent. An "attack" doesn't have to be malicious, it can be user/programmer/whoever error. My concern is that something like boss=?utf8?Q?=2cX=excluded, where X is a invalid UTF byte, will get converted to boss=?utf8?Q?=2c?=excluded, which is a legal encoding of boss,excluded. If you can guarantee that kind of thing won't ever happen in an nmh draft, great. David _______________________________________________ Nmh-workers mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/nmh-workers
