Re: mutt and plaintext passwords : muttrc encryption ?
As far as I know (and `man environ`, `man popen`) is that :
- the environment can be only changed internally, via putenv(),
setenv() POSIX calls.
- the mutt backtick-based commands, like "|" terminated 'source's
does not perform any of the 'execve,execl,...' functions nor 'fork',
but only pipe reads (popen()'s).
so there is no chance of a mutt-triggered environment change, unless
you find some putenv(), setenv(), or related calls in the mutt code.
So there I see no legitimate way of breaking mutt's environment via
source or exec mutt keywords.
p.s.: I just learnt the ``list-reply'' function, feel sorry for some
duplicate messages i've sent :P
On 20080728@22:54, Kyle Wheeler wrote:
> On Monday, July 28 at 07:56 PM, quoth Derek Martin:
> > ...
> >...unless bash swaps out the environment...
> ... why, in that example, would bash do that?
> Presumably, you can avoid that by removing the "exec" keyword in the
> script?