autoview filename
- To: mutt-dev@xxxxxxxx
- Subject: autoview filename
- From: Kyle Wheeler <kyle-mutt-dev@xxxxxxxxxxxxxx>
- Date: Sun, 21 Sep 2008 22:48:58 -0500
- Comment: DomainKeys? See http://domainkeys.sourceforge.net/
- Dkim-signature: v=1; a=rsa-sha1; c=relaxed; d=memoryhole.net; h=date :from:to:subject:message-id:mime-version:content-type; s=default ; bh=D3KWmzp4URJQ8NmVhFrRPLlgpII=; b=LxrWuNxlt/BF3TP5UmF5qDLynSo n6gI5uDDI2cZOZ2cFlTNlIvNmA/dqFxSJ3Qa5Uo7p7Jg+QLv3Auyty80fDm84ANS JCskGrQIG7EnzscqBOQvhX7EOA9ZFjOOn15lJT8KqY5yAyNcm3FuarcexssdjBmc GFeBgJqygt3/WdcA=
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=memoryhole.net; b=naYnxlqw8DBqaZjlt+frFPx39IwnqJORX1/9gnbHq/PWbO7Or/35+YhnnG63OC4UtX0PV3rpKV7OSCBgtXxhT9v+8kYZnaoVW/obJ6d5jfMy/8/qUJUH0K9qDA72K9czrpdSI4nFhtwwe1pO0jbuzVWELujKmjeM85eGnokjubw=; h=Received:Received:Date:From:To:Subject:Message-ID:Mail-Followup-To:MIME-Version:Content-Type:Content-Disposition:OpenPGP:User-Agent;
- List-post: <mailto:mutt-dev@mutt.org>
- List-unsubscribe: send mail to majordomo@mutt.org, body only "unsubscribe mutt-dev"
- Mail-followup-to: mutt-dev@xxxxxxxx
- Openpgp: id=CA8E235E; url=http://www.memoryhole.net/~kyle/kyle-pgp.asc; preference=signencrypt
- Sender: owner-mutt-dev@xxxxxxxx
- User-agent: Mutt/1.5.18 (2008-08-31)
Hey,
It just came to my attention that, at least when auto-viewing html
attachments, mutt uses a predictable filename rather than its usual
secure temporary file creation (e.g. it always uses $TMPDIR/mutt.html
to view html files).
This seems like a security bug, among other things. Where is this in
the code? Doing a grep for mutt.html didn't show anything in the
source...
~Kyle
--
I cannot choose but condemn those Persons, who suffering themselves to
be too much dazzled with the Lustre of the noble Actions of the
Ancients, make it their Study to Extol them to the Skies; without
reflecting, that these later Ages have furnished us with others more
Heroick and Wonderful.
-- Gemelli Careri
Attachment:
pgpjV9WF9lnSU.pgp
Description: PGP signature