David Levine <[email protected]> writes: >> >I expect that there are: anything that's relative to the MH Path >> >is susceptible. But again, there may be users out there who depend >> >on it, and moreso than $TMP. >> >> I'm all for backwards compatibility, but in this case I'm with Lyndon: >> I wouldn't even hesitate chucking this over the side. > > I hate it when upgrades break my configuration. And I know > I'm not the only one :-) > > I'll look into deprecating it (".." in a folder name). I don't > see a big rush to yank it, given the personal extent of nmh.
Isn't making a relative MHTMPDIR relative to MH Path just as much a change as disallowing relative paths? Security breaches should be fixed as soon as they are found. Document in the release notes. Exit with an error. -- Bill Wohler <[email protected]> aka <[email protected]> http://www.newt.com/wohler/ GnuPG ID:610BD9AD _______________________________________________ Nmh-workers mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/nmh-workers
