Re: lynx-dev Mailing from Lynx with Pine
From: David Woolley
Subject: Re: lynx-dev Mailing from Lynx with Pine
Date: Thu, 11 Apr 2002 08:18:34 +0100 (BST)
> Content-Transfer-Encoding: BASE64
...
> Content-Description: Patch for external support of mail program
> Content-Disposition: ATTACHMENT; FILENAME="mail.patch"
This patch looks like a security hole to me. You seem to be inserting
uncontrolled text into a shell command using an interface that has
no meta-character protection (you are relying on < going through OK).
You also appear to have an unchecked buffer; sprintf is generally considered
a likely cause of a security breach these days. Probably more than half
the Microsoft critical updates recently have been to fix unchecked buffers.
Some other points:
- most Unix email programs given a file on standard input are unable
to read the console, so can only send it non-interactively;
- Pine appears to have made an inappropriate choice of MIME encoding for
this email; is it really that good a mailer? (Also, I believe References
in email should exclude the In-Reply-To article.)
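The two defects raised above, an address reaching the shell with no metacharacter protection and a fixed buffer filled by sprintf, shown side by side with the fixes a reviewer would ask for. This is an added C example, not the patch under discussion and not Lynx code; the mailer name, the character allow-lists, the buffer size and the draft file path are assumptions made for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/wait.h>

/* 1. Detection: reject anything the shell could interpret. An allow-list
 *    (letters, digits, plus the characters in `extra`) is assumed here;
 *    quotes, ';', '|', '$', backticks, spaces and newlines are all refused. */
int is_safe(const char *s, const char *extra)
{
    for (; *s; s++) {
        if (isalnum((unsigned char)*s) || strchr(extra, *s))
            continue;
        return 0;
    }
    return 1;
}

/* 2. Bounded formatting in place of sprintf(): snprintf() returns the length
 *    it *wanted* to write, so a value >= cmdlen means the command was cut
 *    short and must not be handed to sh. Returns the command length, or -1
 *    when the input is unsafe or would overflow the buffer. */
int build_mail_command(char *cmd, size_t cmdlen, const char *mailer,
                       const char *to, const char *file)
{
    if (!is_safe(to, "@.-_+") || !is_safe(file, "./-_+"))
        return -1;                       /* would reach the shell verbatim */
    int n = snprintf(cmd, cmdlen, "%s %s < %s", mailer, to, file);
    if (n < 0 || (size_t)n >= cmdlen)
        return -1;                       /* truncated: refuse, do not run */
    return n;
}

/* 3. The stronger fix: no shell at all. The mailer gets its arguments as a
 *    vector and we redirect stdin ourselves, so '<', ';' or quotes inside
 *    `to` are never parsed by anything. Returns the mailer's exit status,
 *    or -1 on failure (including a draft file that cannot be opened). */
int run_mailer_noshell(const char *mailer, const char *to, const char *file)
{
    int fd = open(file, O_RDONLY);
    if (fd < 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0) {
        close(fd);
        return -1;
    }
    if (pid == 0) {
        dup2(fd, STDIN_FILENO);          /* the mailer reads the draft on stdin */
        close(fd);
        char *const argv[] = { (char *)mailer, (char *)to, NULL };
        execvp(mailer, argv);
        _exit(127);
    }
    close(fd);
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char cmd[64];
    /* constructed sample values, not a real configuration */
    int n = build_mail_command(cmd, sizeof cmd, "pine",
                               "user@example.org", "/tmp/draft.txt");
    printf("accepted (%d bytes): %s\n", n, cmd);
    n = build_mail_command(cmd, sizeof cmd, "pine",
                           "user@example.org;echo", "/tmp/draft.txt");
    printf("address with ';' -> %d (rejected)\n", n);
    return 0;
}
```

The allow-list check is the detection half: logging every rejected address gives an audit trail of attempts to push metacharacters through the mailer. The exec-based variant also makes the first of the "other points" explicit: a mailer started with the draft on its standard input cannot talk to the console, so it has to be run non-interactively.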