Anton Khirnov <[email protected]> writes: >> Maybe you explained this already, but, why do we need/want to involve >> the shell? I assume there's a good reason not to just exec something >> like we for hooks? > > We need some way of splitting the commandline into the argument list for > evecve(), a shell is the obvious way of doing that; I suppose we could > also make index.filter into a list option, IIRC I didn't know they > existed when I decided to use the shell. It would complicate the related > indexopts APIs though. >
Sorry, I've been meaning to respond to this in a more considered way, but haven't found the time/spoons. Anyway I guess I have a (potentially irrational) fear of the attack surface introduced by using the shell the parse the command line of the filter program. Anton correctly points out elsewhere that this command line is not input from email but explicitely configured by the user. I'm feeling a bit out of my depth here assessing how much risk there is (if any), so I've CCed a few people whose views on security stuff (and/or shell stuff) I respect, in order to get a bit more feedback (if possible). _______________________________________________ notmuch mailing list -- [email protected] To unsubscribe send an email to [email protected]
