Duncan wrote:
I'm beginning to think so, but decided to sleep on it this morning. So I did, and I still think so. However, we're close enough to a patch that testing one and having it ready to go (if we're right) will be useful.

I thought about the possible changes to fix this, and it occurred that there are two options:

(1) Add the call to UUSetOption (UUOPT_IGNMODE, 1, NULL) somewhere.

(2) Change line 140 of uulib/uulib.c to have:

int uu_ignmode = 1;

(i.e. we make the decoder start-up to safe mode, so anyone wanting POSIX has to call UUSetOption to reset the ignore mode).

First solution works best if uulib is a separate entity from Pan and users do not want the default behaviour changed, second is better if uulib is integrated and/or could be used by anything else where this hole in security could be an issue.

Regards,
Paul
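
Added example, not part of the message above and not uulib's own code: a sketch of the difference the ignore-mode setting makes when a decoder reads a uuencode "begin <mode> <name>" header. It assumes that with ignore mode on the decoder discards the sender's permission bits and uses 0666 (before umask); the helper name decoded_file_mode and the sample lines are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: returns the permission bits a decoder would hand to
 * open() for one uuencode header line, or -1 if the line is not a
 * well-formed "begin <octal mode> <name>" line. */
int decoded_file_mode(const char *line, int ignmode)
{
    char *end;
    unsigned long mode;

    if (strncmp(line, "begin ", 6) != 0)
        return -1;
    if (line[6] < '0' || line[6] > '7')      /* mode must start with an octal digit */
        return -1;
    mode = strtoul(line + 6, &end, 8);
    if (*end != ' ' || end[1] == '\0')       /* a file name must follow the mode */
        return -1;
    if (mode > 07777)                        /* more than 12 permission bits */
        return -1;
    if (ignmode)
        return 0666;                         /* assumed safe default: sender's bits ignored */
    return (int)mode;                        /* POSIX behaviour: sender chooses the bits */
}

int main(void)
{
    /* Constructed header lines, not taken from any real post. */
    const char *samples[] = { "begin 644 notes.txt", "begin 4755 tool" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-22s ignmode=0 -> %04o  ignmode=1 -> %04o\n", samples[i],
               (unsigned)decoded_file_mode(samples[i], 0),
               (unsigned)decoded_file_mode(samples[i], 1));
    return 0;
}
```

With option (2) the second column is what every caller gets unless it explicitly asks for the sender's mode.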



_______________________________________________
Pan-users mailing list
Pan-users@nongnu.org
http://lists.nongnu.org/mailman/listinfo/pan-users