> Hi John and Salvatore,
>
> actually, the security fix did not change the behaviour of run-mailcap when
> filenames contained spaces, which already triggered renaming to a temporary
> file. I compared the behaviour with an older version.
>
> I think that the behaviour of the --norun option is correct: it indicates
> exactly what run-mailcap would be doing. It would be confusing if renaming
> would only happen when the command is run for real.
>
> How about the following: I can add a "SECURITY" section in run-mailcap's
> manpage, which would indicate that « A temporary copy of the file is opened if
> the file name matches the Perl regular expression "[^[:alnum:],.:/@%^+=_-]",
> in order to protect from the injection of shell commands, and to make sure that
> the name can always be displayed in the current locale. In addition, the file
> is opened using its absolute path to prevent the injection of command-line
> arguments, for instance using file names starting with dashes. »

Sounds reasonable. Thanks for the explanation and best regards,

John
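The two rules quoted above (temporary copy when the name matches the Perl class, absolute path otherwise, with --norun reporting the same decision) are illustrated below in an added Python example; this is not run-mailcap's own code. Python's re module has no POSIX character classes, so [:alnum:] is translated to ASCII letters and digits, which is an assumption: Perl's [:alnum:] may also match non-ASCII letters depending on locale and Unicode settings, so the translation is stricter and errs toward copying. The render_command helper and the sample file names are constructed for the example.

```python
import os
import re
import shlex
import shutil
import tempfile

# Translation of the Perl class "[^[:alnum:],.:/@%^+=_-]" quoted in the thread.
# Assumption: [:alnum:] is narrowed to ASCII letters and digits, so any
# non-ASCII name is treated as unsafe (the conservative direction).
UNSAFE_CHAR = re.compile(r"[^A-Za-z0-9,.:/@%^+=_-]")


def needs_temp_copy(name: str) -> bool:
    """True when the file name contains a character outside the allowed set."""
    return UNSAFE_CHAR.search(name) is not None


def path_for_viewer(name: str, dry_run: bool = False) -> tuple[str, bool]:
    """Decide which path the viewer command should receive.

    Returns (path, copied).  An unsafe name is copied to a fresh temporary
    file (mkstemp: unpredictable name, mode 0600); a safe name is used as-is
    but through its absolute path, so a leading dash can never be parsed as
    an option.  With dry_run=True the same decision is reported without
    copying anything, mirroring what --norun shows.
    """
    if not needs_temp_copy(name):
        return os.path.abspath(name), False
    suffix = os.path.splitext(name)[1]
    if needs_temp_copy(suffix):
        suffix = ""  # never carry an unsafe suffix into the temporary name
    if dry_run:
        return os.path.join(tempfile.gettempdir(), "TEMPORARY-COPY" + suffix), True
    fd, tmp = tempfile.mkstemp(suffix=suffix)
    with os.fdopen(fd, "wb") as out, open(name, "rb") as src:
        shutil.copyfileobj(src, out)
    return tmp, True


def render_command(template: str, path: str) -> str:
    """Substitute %s in a mailcap-style command with a shell-quoted path.

    Hypothetical helper (not run-mailcap's): quoting is a second layer on top
    of the temp-copy rule, so no path is ever spliced into the shell unquoted.
    """
    return template.replace("%s", shlex.quote(path))


def demo() -> dict:
    """Exercise both rules on constructed file names in a scratch directory."""
    results = {}
    with tempfile.TemporaryDirectory() as scratch:
        cwd = os.getcwd()
        os.chdir(scratch)
        try:
            for name in ("plain.txt", "-v.txt", "report final.pdf"):
                with open(name, "wb") as f:
                    f.write(b"constructed sample content\n")
                path, copied = path_for_viewer(name)
                results[name] = {
                    "copied": copied,
                    "absolute": os.path.isabs(path),
                    "path_starts_with_dash": path.startswith("-"),
                    "command": render_command("less %s", path),
                }
                if copied:
                    os.unlink(path)
        finally:
            os.chdir(cwd)
    return results


if __name__ == "__main__":
    for name, info in demo().items():
        print(f"{name!r}: {info}")
```

Note that "-v.txt" passes the character class (the dash is in the allowed set), which is exactly why the absolute-path rule exists as a separate measure: the viewer receives "/some/dir/-v.txt", never a bare "-v.txt".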