[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Nmh-workers] RFC 2047 vs RFC 2231 encoding for MIME parameters
|
From: |
David Levine |
|
Subject: |
Re: [Nmh-workers] RFC 2047 vs RFC 2231 encoding for MIME parameters |
|
Date: |
Thu, 06 Oct 2016 23:11:13 -0400 |
Lyndon wrote:
> > On Oct 6, 2016, at 5:20 AM, David Levine <address@hidden> wrote:
> >
> > The /etc/passwd or relative pathanme will be ignored, and a name of
> > the form message#.part#.subtype will be used instead (assuming no
> > profile override).
>
> I think this is very wrong behaviour.
>
> Filenames in the attachment meta-data are suggestions. But they can be very
> valid suggestions, and shouldn't be ignored for arbitrary reasons.
I don' think they are.
> But leading paths must be ignored, as security dictates.
>
> The safest course of action is:
>
> 1) Take the basename of the suggested filename.
But I wouldn't consider the likely result with filename=/foo/bar/README
to be safest.
> 2) Perform an exclusive open+create of the filename.
>
> 2a) If the file exists, and we are interactive, prompt for a replacement name
> (or to overwrite); else (2c)
That can be configured with -clobber ask, but that's not the default for
(decades of) historical precedent.
I don't think we should change the default here. It's easy enough for
users to override.
David
- Re: [Nmh-workers] RFC 2047 vs RFC 2231 encoding for MIME parameters, (continued)
- Re: [Nmh-workers] RFC 2047 vs RFC 2231 encoding for MIME parameters, Ken Hornstein, 2016/10/04
- Re: [Nmh-workers] RFC 2047 vs RFC 2231 encoding for MIME parameters, David Levine, 2016/10/04
- Re: [Nmh-workers] RFC 2047 vs RFC 2231 encoding for MIME parameters, Earl Hood, 2016/10/05
- Re: [Nmh-workers] RFC 2047 vs RFC 2231 encoding for MIME parameters, David Levine, 2016/10/06
- Re: [Nmh-workers] RFC 2047 vs RFC 2231 encoding for MIME parameters, Ralph Corderoy, 2016/10/06
- Re: [Nmh-workers] RFC 2047 vs RFC 2231 encoding for MIME parameters, Ralph Corderoy, 2016/10/07
- Re: [Nmh-workers] RFC 2047 vs RFC 2231 encoding for MIME parameters, Earl Hood, 2016/10/05
- Re: [Nmh-workers] RFC 2047 vs RFC 2231 encoding for MIME parameters, David Levine, 2016/10/06
- Re: [Nmh-workers] RFC 2047 vs RFC 2231 encoding for MIME parameters, Lyndon Nerenberg, 2016/10/06
- Re: [Nmh-workers] RFC 2047 vs RFC 2231 encoding for MIME parameters, Lyndon Nerenberg, 2016/10/06
- Re: [Nmh-workers] RFC 2047 vs RFC 2231 encoding for MIME parameters,
David Levine <=
- Re: [Nmh-workers] RFC 2047 vs RFC 2231 encoding for MIME parameters, Lyndon Nerenberg, 2016/10/06
- Re: [Nmh-workers] RFC 2047 vs RFC 2231 encoding for MIME parameters, David Levine, 2016/10/07
- Re: [Nmh-workers] RFC 2047 vs RFC 2231 encoding for MIME parameters, Ralph Corderoy, 2016/10/10
- Re: [Nmh-workers] RFC 2047 vs RFC 2231 encoding for MIME parameters, Ken Hornstein, 2016/10/10
- Re: [Nmh-workers] RFC 2047 vs RFC 2231 encoding for MIME parameters, Ken Hornstein, 2016/10/03
- Re: [Nmh-workers] RFC 2047 vs RFC 2231 encoding for MIME parameters, Paul Vixie, 2016/10/03
- Re: [Nmh-workers] RFC 2047 vs RFC 2231 encoding for MIME parameters, Paul Vixie, 2016/10/03