On Wed, 10 Feb 1999, Pine Development Team wrote: > While one could modify Pine to guard against the particular exploit > permitted by the mailcap entries in question, it is very difficult to > conceive of a truly safe "paranoid mode" other than disabling parameter > substitution entirely. However, we suspect most people will find it far > easier to remove any unsafe entries from their mailcap configuration file. A truly safe "paranoid mode" would be to refuse to execute the command if the substitution could lead to any undesired effects--i.e. if any of the substituted values contains a suspicious character. This could break some functionality (but in fact, strange characters should never appear anywhere save from %{boundary}) but you can always show the command to the user and ask him/her. Well, lusers would lose anyway... Of course, a real solution would be to pass the information using a channel that is not a subject of that much automagical interpretation as the raw text of shell commands. Environment variables, perhaps? Anything but the dangerous RFC-1524-Appendix-A(?) way. --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] "NSA GCHQ KGB CIA nuclear conspiration war weapon spy agent... Hi Echelon!"
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:34:24 PDT