procmail workaround for MIME filename overflow exploit

From: Brett Glass (brettat_private)
Date: Wed Jul 29 1998 - 12:47:11 PDT

    John Hardin has just updated his procmail "kit" to shorten long file names
    on MIME attachments. This should prevent potential exploits in mail clients
    such as Outlook, Outlook Express, Netscape Mail, and possibly Eudora
    (there's still some debate about whether Eudora is susceptible).
    
    John's procmail filter kit can be found at
    
    http://www.wolfenet.com/~jhardin/procmail-kit.html
    
    You can view his "recipe" for solving the problem at the end of the file
    
    http://www.wolfenet.com/~jhardin/html-trap.procmail
    
    I have no idea whether his solution is bulletproof (we should all probably
    review it to be sure!), but it certainly looks good. Admins: it'd be a
    fantastic idea to install this NOW to protect users, unless anyone knows of
    security holes in procmail.
    
    --Brett Glass
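
The mitigation described in the message above, shortening overlong attachment file names before mail reaches the client, sketched as an added Python example. It is not John Hardin's procmail recipe or code from the original post; the 64-character limit, the function names and the sample message are assumptions made for illustration.

```python
import email
from email.utils import collapse_rfc2231_value

MAX_NAME = 64  # assumed limit for this example; the post does not state one
# (header, parameter) pairs that can carry an attachment file name
NAME_PARAMS = (("Content-Disposition", "filename"), ("Content-Type", "name"))

def shorten(name, limit=MAX_NAME):
    """Truncate name to at most limit characters, keeping a short extension."""
    if len(name) <= limit:
        return name
    stem, dot, ext = name.rpartition(".")
    if dot and stem and len(ext) <= 8:
        return stem[: limit - len(ext) - 1] + "." + ext
    return name[:limit]

def sanitize(raw, limit=MAX_NAME):
    """Return (message, changes) with every overlong attachment name shortened."""
    msg = email.message_from_string(raw)
    changes = []
    for part in msg.walk():
        for header, param in NAME_PARAMS:
            value = part.get_param(param, header=header)
            if value is None:
                continue
            # RFC 2231 encoded or continued parameters come back as a tuple
            name = collapse_rfc2231_value(value)
            if len(name) > limit:
                part.set_param(param, shorten(name, limit), header=header)
                changes.append((header, len(name)))
    return msg, changes

# Constructed sample: one attachment whose file name is 304 characters long
LONG = "A" * 300 + ".exe"
SAMPLE = (
    "From: sender@example.test\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b"\n\n'
    "--b\nContent-Type: text/plain\n\nhello\n"
    f'--b\nContent-Type: application/octet-stream; name="{LONG}"\n'
    f'Content-Disposition: attachment; filename="{LONG}"\n\n'
    "data\n--b--\n"
)

if __name__ == "__main__":
    cleaned, log = sanitize(SAMPLE)
    for header, old_len in log:
        print(f"shortened {header} name ({old_len} chars)")
    print(cleaned.as_string())
```

Both the `filename` parameter of Content-Disposition and the legacy `name` parameter of Content-Type are rewritten, since a client may read the attachment name from either one.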
    


