[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Nmh-workers] I need help reading the mhstore man page
From: |
norm |
Subject: |
Re: [Nmh-workers] I need help reading the mhstore man page |
Date: |
Sat, 01 Mar 2014 07:10:53 -0800 |
David Levine <address@hidden> writes:
>Norm wrote:
>
>> David Levine <address@hidden> writes:
>> > Is clobbering the only [mstore] security concern with -auto?
>>
>> Wouldn't the '|' feature, combined with an mhstore-store-<type> in
>> .mh_profile, alllow the execution of arbitrary code?
>
>If arbitrary means "what the user put into their profile",
>yes, but we can't prevent that. Is there a way to get
>mhstore to execute arbitrarycode provided by the message?
On closer reading of the man page, I don't think so. You are right
and I was wrong.
Norman Shapiro