Re: RFC2368 security considerations

To: mutt-dev@xxxxxxxx
Subject: Re: RFC2368 security considerations
From: TAKAHASHI Tamotsu <ttakah@xxxxxxxxxxxxxxxxx>
Date: Mon, 13 Jun 2005 06:19:35 +0900
In-reply-to: <20050612164644.GK17359@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-unsubscribe: <mailto:mutt-dev-request@mutt.org?body=unsubscribe>
Mail-followup-to: mutt-dev@xxxxxxxx
References: <20050610090018.GA5066@xxxxxxxxxxxxxxxxxxxxxxxxxx> <20050612164644.GK17359@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: owner-mutt-dev@xxxxxxxx
User-agent: Mutt/1.5.9i

* Sun Jun 12 2005 Thomas Roessler <roessler@xxxxxxxxxxxxxxxxxx>
> One thing we could do is to restrict the headers accepted from a
> mailto URL to those shown on the compose screen, maybe even minus
> From.  Everything else could either be disregarded, or maybe have
> "x-mailto-url" prepended to it.

Good! Ignoring unsafe headers is the securest way.

IMO, Nobody should use other tags than TO, SUBJECT and BODY.
Anyone uses CC or BCC via mailto URL? I don't think Mutt has
to handle them. But, even if mutt accepts them, that is NOT
a violation of the RFC. They are shown on the compose menu.

Well, setting $edit_headers, I am not affected by this issue.
All the headers are shown on my editor (except REFERENCES).
So, maybe we can make a new variable or command to restrict
the headers. (regex?)

I don't think X-Mailto-URL solves the problem unless it is
shown somewhere users certainly look. (editor?)

Thomas, Thanks for taking care of this small problem.
I believe you'll implement the best solution.
-- 
tamo

Follow-Ups:
- Re: RFC2368 security considerations
  - From: Oswald Buddenhagen

References:
- RFC2368 security considerations
  - From: TAKAHASHI Tamotsu
- Re: RFC2368 security considerations
  - From: Thomas Roessler

Prev by Date: Re: For 1.5.10: cursor patch
Next by Date: Re: For 1.5.10: cursor patch
Previous by thread: Re: RFC2368 security considerations
Next by thread: Re: RFC2368 security considerations
Index(es):
- Date
- Thread