<<< Date Index >>>     <<< Thread Index >>>

autoview filename



Hey,

It just came to my attention that, at least when auto-viewing html attachments, mutt uses a predictable filename rather than its usual secure temporary file creation (e.g. it always uses $TMPDIR/mutt.html to view html files).

This seems like a security bug, among other things. Where is this in the code? Doing a grep for mutt.html didn't show anything in the source...

~Kyle
--
I cannot choose but condemn those Persons, who suffering themselves to be too much dazzled with the Lustre of the noble Actions of the Ancients, make it their Study to Extol them to the Skies; without reflecting, that these later Ages have furnished us with others more Heroick and Wonderful.
                                                     -- Gemelli Careri

Attachment: pgpjV9WF9lnSU.pgp
Description: PGP signature