on Tue, Apr 09, 2002, Matijs van Zuijlen ([EMAIL PROTECTED]) wrote:
> On Tue, Apr 09, 2002 at 03:50:54AM -0700, Karsten M. Self wrote:
> > :0:
> > * ^X-Mailing-List: <\/[^@<>]+
> > $LISTDIR/$MATCH/
>
> As has been noted[1] in another thread on the same subject on
> debian-devel: this is dangerous. Someone could just send an email with
>
>   X-Mailing-List: <../something>
>
> in its headers to overwrite your file ~/something (and try other
> variations if that didn't work).
>
> [1] See:
> http://lists.debian.org/debian-devel/2002/debian-devel-200202/msg02132.html

Good point. I was concerned about that...

Since it's matching on X-foo headers, it doesn't have to pass RFC 822/2822 rules either.

What's a good regexp that will catch characters up to the '@' then?

    * ^X-BeenThere: \/[^.@<>]+

...will at least prevent the parent directory trick.

Is there a good washer for something like this that can be put into procmail?

Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
   We freed Dmitry! Boycott Adobe! Repeal the DMCA!    http://www.freesklyarov.org
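
One way to build the kind of washer asked about above, as an added example that is not part of the original thread: a shell filter that takes the list name from an untrusted header and accepts it only if it matches an allow-list, so the value can never name anything but a single folder. The function names, the `unsorted` fallback, the 64-character cap and the exact allow-list are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): wash a list name taken from an
# untrusted header before it is used as a mail folder name.
LC_ALL=C; export LC_ALL        # keep A-Z / a-z ranges byte-exact
FALLBACK=unsorted              # hypothetical catch-all folder name

# wash_list_name VALUE -> prints a safe single path component.
# Allow-list rather than deny-list: letters, digits, '_', '+', '-' only,
# so '.', '/', whitespace and control characters are all rejected.
wash_list_name() {
    name=$1
    case $name in
        ''|-*)               name=$FALLBACK ;;  # empty, or looks like an option
        *[!A-Za-z0-9_+-]*)   name=$FALLBACK ;;  # any character off the allow-list
    esac
    # Cap the length so a hostile header cannot create absurd names.
    [ "${#name}" -le 64 ] || name=$FALLBACK
    printf '%s\n' "$name"
}

# list_from_headers: reads a message on stdin, looks only at the header
# block, and prints the washed local part of the first X-Mailing-List value.
# The capture class [^@<>] mirrors the recipe quoted in the thread.
list_from_headers() {
    raw=$(sed -n -e '/^$/q' \
        -e 's/^X-Mailing-List:[[:space:]]*<\{0,1\}\([^@<>]*\).*/\1/p' | head -n 1)
    wash_list_name "$raw"
}

# Constructed sample values: one benign name, the "../something" value
# from the thread, and two other hostile shapes.
for v in 'debian-user' '../something' '-rf' 'a/b'; do
    printf '%-14s -> %s\n' "$v" "$(wash_list_name "$v")"
done
```

Unlike narrowing the capture with `[^.@<>]`, which stops at the first rejected character and keeps the prefix, this discards the whole value when any character falls outside the allow-list.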