[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Nmh-workers] I need help reading the mhstore man page
From: |
Ken Hornstein |
Subject: |
Re: [Nmh-workers] I need help reading the mhstore man page |
Date: |
Sat, 01 Mar 2014 11:35:57 -0500 |
>If arbitrary means "what the user put into their profile",
>yes, but we can't prevent that. Is there a way to get
>mhstore to execute arbitrary code provided by the message?
It does occur to me that there might be security concerns with using %a
with '|', depending on shell quoting, etc etc (%a inserts all of the
Content-Type parameters). I don't know how common that is.
--Ken