> >The man page for mhstore recommends that, for the sake of security,
> >I not put the -auto switch in .mh_profile. Whatever the security
> >risk is, would it not also be present if I invoke mhstore with that
> >switch? But the man page does not seem to recommend against that.

Yes, they're equivalent. Should we replace that recommendation with one that recommends nmh-storage and/or a non-default -clobber setting with -auto? mhstore has the noted checks on the filename, and doesn't pass it or a mhstore-store- string through the shell. Is clobbering the only security concern with -auto?

> -auto uses the filename that may be present in the MIME headers as the
> filename of the output file. So, for example, if I were to send you a
> file named ".cshrc" (or .profile ... you get the idea), it could cause
> an issue if you didn't notice what it was doing. Looking at it more
> closely ... you know, I think -clobber always is a terrible default.

I agree, but that default maintains backward compatibility.

> I combine -auto with nmh-storage: /tmp. I think that's reasonable.

I use -auto -clobber ask

David
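
The concern discussed in this thread (a name taken from the MIME headers, such as `.cshrc`, becoming the output file name, and an existing file being overwritten), as an added example that is not part of the original messages and is not nmh code. The functions `safe_name` and `store_parts`, the name policy, and the sample message are assumptions made for illustration; the policy is not a statement of the checks mhstore itself performs.

```python
import os
from email import message_from_string

# Constructed sample: two attachments; the first suggests a dotfile name.
SAMPLE = """\
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain
Content-Disposition: attachment; filename=".cshrc"

# constructed content
--b1
Content-Type: text/plain
Content-Disposition: attachment; filename="notes.txt"

constructed notes
--b1--
"""

def safe_name(name):
    """Assumed policy: plain file name only, no leading '.' or '-'."""
    if not name or name != os.path.basename(name) or name[0] in ".-":
        return None
    return name

def store_parts(raw, storage_dir):
    """Write named parts into storage_dir; return (stored, refused) name lists."""
    stored, refused = [], []
    for part in message_from_string(raw).walk():
        name = part.get_filename()
        if name is None:
            continue  # not a named part (container or inline body)
        try:
            if safe_name(name) is None:
                raise ValueError(name)
            path = os.path.join(storage_dir, name)
            # O_EXCL: fail rather than overwrite an existing file (no clobber).
            fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        except (ValueError, FileExistsError):
            refused.append(name)
            continue
        with os.fdopen(fd, "wb") as out:
            out.write(part.get_payload(decode=True) or b"")
        stored.append(name)
    return stored, refused
```

Run against a dedicated storage directory, the first call stores only `notes.txt`; a second call refuses both names because `notes.txt` now exists.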
