nmh-workers

Re: [Nmh-workers] I need help reading the mhstore man page


From: David Levine
Subject: Re: [Nmh-workers] I need help reading the mhstore man page
Date: Sat, 01 Mar 2014 09:26:25 -0500

Norm wrote:

> David Levine <address@hidden> writes:
> > Is clobbering the only [mhstore] security concern with -auto?
> 
> Wouldn't the '|' feature, combined with an mhstore-store-<type> in
> .mh_profile, allow the execution of arbitrary code?

If arbitrary means "what the user put into their profile",
yes, but we can't prevent that.  Is there a way to get
mhstore to execute arbitrary code provided by the message?

Also, '|' isn't affected by -auto:  it is enabled even with -noauto.

David


