Hi, On Fri, Nov 13, 2020 at 02:02:22AM +0100, Marriott NZ wrote:
Thanks for your interest in the issue, Frank.
Thanks for your interest, too.
If run-mailcap is used by some mail program or script for mailcap support, then it's a vector for arbitrary command execution. Perhaps this deserves its own bug report.
It very possibly might. Would you be interested in opening one? The information you have given here might be enough.
As a consequence, it's impossible to force the use of, say emacs, for all text subtypes without explicitly enumerating them (generated rules can change anytime).This is a violation of the rfc, which states that "The configuration information will be obtained from the FIRST matching entry".
Again, it would be nice to report that.
In summary, mailcap is harmful. And I won't feel safe until I can get rid of it.
I do agree that there are problems but I don't have the time or energy to implement a replacement. However, at least there must be a documented way how things should be implemented to be safe. Only then can we start to successfully file actual security-bugs against packages that don't follow that rule, and with that, open security leaks in their packages, but also others. We tried without documentation, and failed. This is what this bug here is about.
Frank
signature.asc
Description: PGP signature
