David Levine <[email protected]> writes:
>Norm wrote:
>
>> David Levine <[email protected]> writes:
>> > Is clobbering the only [mstore] security concern with -auto?
>>
>> Wouldn't the '|' feature, combined with an mhstore-store-<type> in
>> .mh_profile, alllow the execution of arbitrary code?
>
>If arbitrary means "what the user put into their profile",
>yes, but we can't prevent that. Is there a way to get
>mhstore to execute arbitrarycode provided by the message?
On closer reading of the man page, I don't think so. You are right
and I was wrong.
Norman Shapiro
_______________________________________________
Nmh-workers mailing list
[email protected]
https://lists.nongnu.org/mailman/listinfo/nmh-workers
