Rocco Rutte:
- improve mailcap's security section (crosslinks still to come)
git-svn-id: svn://svn.berlios.de/mutt-ng/trunk@409
e385b8ad-14ed-0310-8656-
cc95a2468c6d
1524. Mutt-ng can be set up to <em/automatically/ execute any
given utility as listed in one of the mailcap files (see the
<ref id="mailcap_path" name="$mailcap_path">
1524. Mutt-ng can be set up to <em/automatically/ execute any
given utility as listed in one of the mailcap files (see the
<ref id="mailcap_path" name="$mailcap_path">
- variable for details.) These utilities may have security issues
- like overriding arbitrary files, contain exploitable bugs or just
- leak information which is a bad in combination with running them
- without prompting. When using mutt-ng's autoview mechanism
- involing use of mailcap files, please make sure that
+ variable for details.)
+
+ These utilities may have a variety of security vulnerabilities,
+ including overwriting of arbitrary files, information leaks or
+ other exploitable bugs. These vulnerabilities may go unnoticed by
+ the user, especially when they are called automatically (and
+ without interactive prompting) from the mailcap file(s). When
+ using mutt-ng's autoview mechanism in combination with mailcap
+ files, please be sure to...
- <item>you manually select trustworthy applications with a
- reasonable calling sequence
+ <item>manually select trustworth applications with a reasonable
+ calling sequence
- <item>you check the contents of mailcap files from time to time
- (for example after doing software installations/upgrades)
+ <item>periodically check the contents of mailcap files,
+ especially after software installations or upgrades
- <item>you, if you're the system's operator, always keep the
- software packages involved up-to-date
+ <item>keep the software packages referenced in the mailcap file up to date
- <item>you never ever change the default value of the
- <ref id="mailcap_sanitize"
- name="$mailcap_sanitize"> variable
+ <item>leave the <ref id="mailcap_sanitize"
+ name="$mailcap_sanitize"> variable in its default
+ state to restrict mailcap expandos to a safe set of characters
to send messages from the command line as well.
<tscreen><verb>
to send messages from the command line as well.
<tscreen><verb>
-a attach a file to a message
-b specify a blind carbon-copy (BCC) address
-c specify a carbon-copy (Cc) address
-a attach a file to a message
-b specify a blind carbon-copy (BCC) address
-c specify a carbon-copy (Cc) address
One of these is the mailcap mechanism as defined by RfC 1524. Mutt-ng can be
set up to _\ba_\bu_\bt_\bo_\bm_\ba_\bt_\bi_\bc_\ba_\bl_\bl_\by execute any given utility as listed in one of the mail-
cap files (see the _\b$_\bm_\ba_\bi_\bl_\bc_\ba_\bp_\b__\bp_\ba_\bt_\bh (section 7.4.116 , page 114) variable for
One of these is the mailcap mechanism as defined by RfC 1524. Mutt-ng can be
set up to _\ba_\bu_\bt_\bo_\bm_\ba_\bt_\bi_\bc_\ba_\bl_\bl_\by execute any given utility as listed in one of the mail-
cap files (see the _\b$_\bm_\ba_\bi_\bl_\bc_\ba_\bp_\b__\bp_\ba_\bt_\bh (section 7.4.116 , page 114) variable for
- details.) These utilities may have security issues like overriding arbitrary
- files, contain exploitable bugs or just leak information which is a bad in com-
- bination with running them without prompting. When using mutt-ng's autoview
+ details.)
+
+ These utilities may have a variety of security vulnerabilities, including
The Mutt Next Generation E-Mail Client 79
The Mutt Next Generation E-Mail Client 79
- mechanism involing use of mailcap files, please make sure that
+ overwriting of arbitrary files, information leaks or other exploitable bugs.
+ These vulnerabilities may go unnoticed by the user, especially when they are
+ called automatically (and without interactive prompting) from the mailcap
+ file(s). When using mutt-ng's autoview mechanism in combination with mailcap
+ files, please be sure to...
- +\bo you manually select trustworthy applications with a reasonable calling
- sequence
+ +\bo manually select trustworth applications with a reasonable calling sequence
- +\bo you check the contents of mailcap files from time to time (for example
- after doing software installations/upgrades)
+ +\bo periodically check the contents of mailcap files, especially after soft-
+ ware installations or upgrades
- +\bo you, if you're the system's operator, always keep the software packages
- involved up-to-date
+ +\bo keep the software packages referenced in the mailcap file up to date
- +\bo you never ever change the default value of the _\b$_\bm_\ba_\bi_\bl_\bc_\ba_\bp_\b__\bs_\ba_\bn_\bi_\bt_\bi_\bz_\be (section
- 7.4.117 , page 115) variable
+ +\bo leave the _\b$_\bm_\ba_\bi_\bl_\bc_\ba_\bp_\b__\bs_\ba_\bn_\bi_\bt_\bi_\bz_\be (section 7.4.117 , page 115) variable in its
+ default state to restrict mailcap expandos to a safe set of characters
_\b6_\b._\b4_\b._\b2 _\bO_\bt_\bh_\be_\br
_\b6_\b._\b4_\b._\b2 _\bO_\bt_\bh_\be_\br
The Mutt Next Generation E-Mail Client 80
The Mutt Next Generation E-Mail Client 80
-a attach a file to a message
-b specify a blind carbon-copy (BCC) address
-c specify a carbon-copy (Cc) address
-a attach a file to a message
-b specify a blind carbon-copy (BCC) address
-c specify a carbon-copy (Cc) address
projects / apps / madmutt.git / commitdiff