<<< Date Index >>>     <<< Thread Index >>>

Re: mutt and plaintext passwords : muttrc encryption ?



As far as I know (and `man environ`, `man popen`) is that :

 - the environment can be only changed internally, via putenv(),
   setenv() POSIX calls.

 - the mutt backtick-based commands, like "|" terminated 'source's
   does not perform any of the 'execve,execl,...' functions nor 'fork',
   but only pipe reads (popen()'s).
   so there is no chance of a mutt-triggered environment change, unless
   you find some putenv(), setenv(), or related calls in the mutt code.

So there I see no legitimate way of breaking mutt's environment via
source or exec mutt keywords.



p.s.: I just learnt the ``list-reply'' function, feel sorry for some 
duplicate messages i've sent :P

On 20080728@22:54, Kyle Wheeler wrote:
> On Monday, July 28 at 07:56 PM, quoth Derek Martin:
> > ...
> >...unless bash swaps out the environment...
> ... why, in that example, would bash do that?
> Presumably, you can avoid that by removing the "exec" keyword in the
> script?