From mboxrd@z Thu Jan 1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/54049
Path: main.gmane.org!not-for-mail
From: Benjamin Riefenstahl
Newsgroups: gmane.emacs.gnus.general
Subject: Re: Saving attachments with a leading dot
Date: Wed, 24 Sep 2003 17:11:54 +0200
Sender: ding-owner@lists.math.uh.edu
Message-ID:
References: <4n1xu6ckqx.fsf@lockgroove.bwh.harvard.edu>
NNTP-Posting-Host: deer.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: sea.gmane.org 1064416375 9982 80.91.224.253 (24 Sep 2003 15:12:55 GMT)
X-Complaints-To: usenet@sea.gmane.org
NNTP-Posting-Date: Wed, 24 Sep 2003 15:12:55 +0000 (UTC)
Original-X-From: ding-owner+M2589@lists.math.uh.edu Wed Sep 24 17:12:53 2003
Return-path:
Original-Received: from malifon.math.uh.edu ([129.7.128.13]) by deer.gmane.org with esmtp (Exim 3.35 #1 (Debian)) id 1A2BK1-0007dl-00 for ; Wed, 24 Sep 2003 17:12:53 +0200
Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu) by malifon.math.uh.edu with smtp (Exim 3.20 #1) id 1A2BJm-0006YJ-00; Wed, 24 Sep 2003 10:12:38 -0500
Original-Received: from justine.libertine.org ([66.139.78.221]) by malifon.math.uh.edu with esmtp (Exim 3.20 #1) id 1A2BJf-0006YD-00 for ding@lists.math.uh.edu; Wed, 24 Sep 2003 10:12:31 -0500
Original-Received: from mail.epost.de (unknown [193.28.100.164]) by justine.libertine.org (Postfix) with ESMTP id 0CFF33A004C for ; Wed, 24 Sep 2003 10:12:27 -0500 (CDT)
Original-Received: from seneca.benny.turtle-trading.net.epost.de (193.99.153.30) by mail.epost.de (6.7.015) id 3F7026E600027DCE for ding@gnus.org; Wed, 24 Sep 2003 17:12:26 +0200
Original-To: ding@gnus.org
In-Reply-To: <4n1xu6ckqx.fsf@lockgroove.bwh.harvard.edu> (Ted Zlatanov's message of "Wed, 24 Sep 2003 10:40:54 -0400")
User-Agent: Gnus/5.1001 (Gnus v5.10.1) Emacs/21.3.50 (gnu/linux)
Precedence: bulk
Xref: main.gmane.org gmane.emacs.gnus.general:54049
X-Report-Spam: http://spam.gmane.org/gmane.emacs.gnus.general:54049

Hi Ted,

> On Wed, 24 Sep 2003, Benjamin.Riefenstahl@epost.de wrote:
>> Control characters in names. Especially \n could possibly be used
>> for exploits.

Ted Zlatanov writes:
> Could that occur naturally in UTF-8 filenames?

No, control characters are an ASCII feature, UTF-8 doesn't create
them. But a malicious mail sender can easily create them.

> Does Gnus support those? I have no idea if MIME supports them to
> begin with.

I'd have to check the standards for myself for the official rules.
But a test mail to find out what the transfer encoding for filenames
can look like and a quick modification of that mail show that this
does what I meant:

>>>>>>
Subject: test nl in attachment
From: Benjamin Riefenstahl
Message-ID:
MIME-Version: 1.0
Content-Type: application/octet-stream
Content-Disposition: attachment; filename*=iso-8859-1''%0arm%20somefile
Lines: 2

Any content
<<<<<<<

This results in the filename "\nrm somefile" (in C literal syntax).
This could have bad effects, if the file is saved with that name and
later used with some shell script. That script might even just be
your nightly backup.

benny
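The following is an added example, not part of the original message and not Gnus code: it decodes the `filename*=` parameter from the test mail above the way a mail client would, then applies a sanitising step before the name is used for saving. The function names and the sanitising policy (drop control characters, keep only the last path component, strip leading dots and dashes) are assumptions made for illustration.

```python
import re
import unicodedata
from urllib.parse import unquote

# Constructed sample: the Content-Disposition value from the test mail above.
SAMPLE = "attachment; filename*=iso-8859-1''%0arm%20somefile"

# Single-section RFC 2231 extended parameter: filename*=charset'language'pct-encoded
EXT_PARAM = re.compile(r"filename\*\s*=\s*([^';\s]*)'([^';\s]*)'([^;\s]*)", re.I)


def decode_ext_filename(disposition):
    """Return the decoded filename* value exactly as the sender encoded it, or None."""
    m = EXT_PARAM.search(disposition)
    if not m:
        return None
    charset, _language, value = m.groups()
    try:
        return unquote(value, encoding=charset or "us-ascii", errors="replace")
    except LookupError:
        # Unknown charset label: latin-1 maps every byte, so decoding cannot fail.
        return unquote(value, encoding="latin-1")


def safe_save_name(name, fallback="attachment"):
    """Map an untrusted attachment name to one safe to write (hypothetical policy)."""
    # Drop all control and format characters (Unicode category C*): \n, \r, NUL, ESC.
    name = "".join(c for c in name if not unicodedata.category(c).startswith("C"))
    # Keep only the last path component so the sender cannot pick a directory.
    name = re.split(r"[/\\]", name)[-1]
    # Strip leading dots, dashes and spaces: no hidden files, no option-like names.
    name = name.lstrip(".- ").rstrip(" ")
    return name or fallback


if __name__ == "__main__":
    raw = decode_ext_filename(SAMPLE)
    print("decoded  :", repr(raw))
    print("sanitised:", repr(safe_save_name(raw)))
```

The sanitised name still contains a space, so any script that later handles the saved file has to quote its filename arguments.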