Re: autoview filename

To: mutt-dev@xxxxxxxx
Subject: Re: autoview filename
From: TAKAHASHI Tamotsu <ttakah@xxxxxxxxxxxxxxxxx>
Date: Mon, 22 Sep 2008 22:59:25 +0900
In-reply-to: <20080922034858.GB19893@xxxxxxxxxxxxx>
List-post: <mailto:mutt-dev@mutt.org>
List-unsubscribe: send mail to majordomo@mutt.org, body only "unsubscribe mutt-dev"
Mail-followup-to: mutt-dev@xxxxxxxx
References: <20080922034858.GB19893@xxxxxxxxxxxxx>
Sender: owner-mutt-dev@xxxxxxxx
User-agent: Mutt/1.5.18 (2008-07-11)

* Sun Sep 21 2008 Kyle Wheeler <kyle-mutt-dev@xxxxxxxxxxxxxx>
> It just came to my attention that, at least when auto-viewing html  
> attachments, mutt uses a predictable filename rather than its usual  
> secure temporary file creation (e.g. it always uses $TMPDIR/mutt.html to 
> view html files).
>
> This seems like a security bug, among other things. Where is this in the 
> code? Doing a grep for mutt.html didn't show anything in the source...

rfc1524_expand_filename

-- 
tamo

References:
- autoview filename
  - From: Kyle Wheeler

Prev by Date: autoview filename
Next by Date: Re: [Mutt] #3119: problem setting Fcc to save email on Zimbra IMAP
Previous by thread: autoview filename
Next by thread: [Mutt] #3122: mutt doesn't build without idn support
Index(es):
- Date
- Thread