Lyndon wrote:

> > On Oct 6, 2016, at 5:20 AM, David Levine <[email protected]> wrote:
> >
> > The /etc/passwd or relative pathname will be ignored, and a name of
> > the form message#.part#.subtype will be used instead (assuming no
> > profile override).
>
> I think this is very wrong behaviour.
>
> Filenames in the attachment meta-data are suggestions. But they can be very
> valid suggestions, and shouldn't be ignored for arbitrary reasons.

I don't think they are.

> But leading paths must be ignored, as security dictates.
>
> The safest course of action is:
>
> 1) Take the basename of the suggested filename.

But I wouldn't consider the likely result with filename=/foo/bar/README to be
safest.

> 2) Perform an exclusive open+create of the filename.
>
> 2a) If the file exists, and we are interactive, prompt for a replacement name
> (or to overwrite); else (2c)

That can be configured with -clobber ask, but that's not the default for
(decades of) historical precedent. I don't think we should change the
default here. It's easy enough for users to override.

David

_______________________________________________
Nmh-workers mailing list
[email protected]
https://lists.nongnu.org/mailman/listinfo/nmh-workers
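The two positions above (reject any suggested name that carries a path, versus take its basename) and the exclusive open+create both parties describe can be shown in a few lines of C. This is an added illustration, not nmh's own mhstore code: it takes the stricter line David describes (a suggestion containing a `/` is ignored outright, so `/etc/passwd`, `../x` and `/foo/bar/README` all fall through to the generated name), rejects dot files as well, and uses `O_CREAT | O_EXCL` so an existing file is never silently clobbered. The rendering of the fallback name as `7.2.plain`, the `0600` mode, and the function names are assumptions of this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Accept a suggested attachment file name only when it is a plain name
 * that lands in the current directory: no '/' anywhere (rejects
 * /etc/passwd, ../x and /foo/bar/README alike), and not a dot file
 * (which also covers "." and ".."). Returns 1 if acceptable, else 0. */
int is_plain_filename(const char *name)
{
    if (name == NULL || *name == '\0')
        return 0;
    if (strchr(name, '/') != NULL)
        return 0;
    if (name[0] == '.')
        return 0;
    return 1;
}

/* Pick the name to store under: the suggestion if it passes the check,
 * otherwise a generated name of the form message#.part#.subtype
 * (assumed here to render as e.g. "7.2.plain"; the real template is
 * profile-configurable). Returns 0 on success, -1 if buf is too small. */
int choose_store_name(const char *suggested, int msgnum, const char *part,
                      const char *subtype, char *buf, size_t len)
{
    int n;

    if (is_plain_filename(suggested))
        n = snprintf(buf, len, "%s", suggested);
    else
        n = snprintf(buf, len, "%d.%s.%s", msgnum, part, subtype);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Exclusive create: an existing file makes open() fail with EEXIST
 * instead of truncating it. Returns the descriptor, or -1 with errno
 * set; EEXIST is the point where an interactive tool would prompt for
 * a replacement name (or, with -clobber ask, permission to overwrite). */
int create_exclusive(const char *name)
{
    return open(name, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

int main(void)
{
    /* Constructed sample suggestions, as they might arrive in a
     * Content-Disposition filename parameter. */
    const char *samples[] = { "/etc/passwd", "../../.profile",
                              "/foo/bar/README", "README", "notes.txt" };
    char name[256];
    char tmpl[] = "/tmp/store-exampleXXXXXX";
    size_t i;
    int fd;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (choose_store_name(samples[i], 7, "2", "plain", name, sizeof name) == 0)
            printf("%-16s -> %s\n", samples[i], name);
    }

    /* Show the clobber protection against a file that already exists. */
    fd = mkstemp(tmpl);
    if (fd >= 0) {
        close(fd);
        if (create_exclusive(tmpl) == -1 && errno == EEXIST)
            printf("%s exists; would prompt instead of overwriting\n", tmpl);
        unlink(tmpl);
    }
    return 0;
}
```

The check deliberately does not try to "clean" a path down to its basename: once a sender has supplied a path at all, the remaining component (README, .profile) is no more trustworthy than the directory part, which is the point David makes about `/foo/bar/README`.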
