From: Ted Zlatanov <tzz@lifelogs.com>
Subject: Re: Saving attachments with a leading dot
Date: Wed, 24 Sep 2003 06:38:27 -0400 [thread overview]
Message-ID: <4nisnifp3w.fsf@lockgroove.bwh.harvard.edu> (raw)
In-Reply-To: <m3eky7vzv7.fsf@defun.localdomain> (Jesper Harder's message of "Wed, 24 Sep 2003 01:39:24 +0200")
On Wed, 24 Sep 2003, harder@myrealbox.com wrote:
> RFC 2183 says:
>
> ,----
>| Since this memo provides a way for the sender to suggest a
>| filename, a receiving MUA must take care that the sender's
>| suggested filename does not represent a hazard. Using UNIX as an
>| example, some hazards would be:
>|
>| + Creating startup files (e.g., ".login").
That's dangerous iff the startup file doesn't exist already, IMO.
Otherwise it's simply a special case of the third item.
>| + Creating or overwriting system files (e.g., "/etc/passwd").
It's impossible to catch all the system file names. I would only
worry about it if it's a subcase of the third item.
>| + Overwriting any existing file.
I think with a warning, this should be allowed. It's a very
legitimate use of attachments.
>| + Placing executable files into any command search path
>| (e.g., "~/bin/more").
I think we should simply never set the executable bit on any saved
attachment, that's all. It's a good practice generally, since a lot
of users have '.' in their path.
>| + Sending the file to a pipe (e.g., "| sh").
I don't think Gnus should ever allow pipes. The file name should be
saved as is, and if the user specified a special character in the
name, then so be it.
>| In general, the receiving MUA should not name or place the file
>| such that it will get interpreted or executed without the user
>| explicitly initiating the action.
>|
>| It is very important to note that this is not an exhaustive
>| list; it is intended as a small set of examples only.
>| Implementors must be alert to the potential hazards on their
>| target systems.
> `----
>
> Gnus doesn't prevent creating startup files. We could:
>
> · Strip leading dots from file names, or
Why? This is a legitimate use. I would warn the user instead, with
an offer to remove the dot. Ditto for existing files.
> · Set the default value of `mm-default-directory' to somewhere
> (where?), so attachments aren't saved in ~.
I like that default a lot, and it makes sense for most users.
> Any other nasty file names we should watch out for?
'-' and variations thereof is the most annoying one... Most users
don't know about "rm --" and can get caught - not to mention that most
Unix utilities don't deal with file names beginning with '-'
gracefully. Maybe we should also warn about the shell special
characters.
Ted
next prev parent reply other threads:[~2003-09-24 10:38 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-09-23 23:39 Jesper Harder
2003-09-24 10:38 ` Ted Zlatanov [this message]
2003-09-25 3:24 ` Jesper Harder
2003-09-25 4:22 ` Ted Zlatanov
2003-09-25 5:49 ` Jochen Küpper
2003-09-29 3:28 ` Jesper Harder
2003-10-02 18:07 ` Ted Zlatanov
2003-10-02 19:56 ` Jochen Küpper
2003-10-03 1:35 ` Jesper Harder
2003-10-03 14:04 ` Benjamin Riefenstahl
2003-10-02 18:10 ` Ted Zlatanov
2003-09-24 13:53 ` Benjamin Riefenstahl
2003-09-24 14:40 ` Ted Zlatanov
2003-09-24 15:11 ` Benjamin Riefenstahl
2003-09-24 16:03 ` Ted Zlatanov
2003-09-24 16:16 ` Benjamin Riefenstahl
2003-09-24 17:45 ` Ted Zlatanov
2003-09-24 15:48 ` Reiner Steib
2003-09-24 16:11 ` Benjamin Riefenstahl
2003-09-25 14:40 ` Reiner Steib
2003-09-25 3:23 ` Jesper Harder
2003-09-25 8:44 ` Hanak David
2003-09-29 3:20 ` Jesper Harder
2003-10-17 17:31 ` Lars Magne Ingebrigtsen
2003-10-18 16:43 ` Jesper Harder
2003-10-18 16:50 ` Lars Magne Ingebrigtsen
2003-10-18 20:04 ` Jesper Harder
2003-10-18 23:17 ` Jesper Harder
2003-10-19 11:14 ` Lars Magne Ingebrigtsen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4nisnifp3w.fsf@lockgroove.bwh.harvard.edu \
--to=tzz@lifelogs.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).