>If arbitrary means "what the user put into their profile", >yes, but we can't prevent that. Is there a way to get >mhstore to execute arbitrary code provided by the message?
It does occur to me that there might be security concerns with using %a with '|', depending on shell quoting, etc etc (%a inserts all of the Content-Type parameters). I don't know how common that is. --Ken _______________________________________________ Nmh-workers mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/nmh-workers
