On 2013-04-25 10:13:30 -0500, Derek Martin wrote: > In "normal" e-mail operations, this may be dependent on the behavior > of the mail client, i.e. if it sends separate messages for each > recipient. In an attack, this is not interesting. The attacker is at > your site (he must be, in order to effect a temp file attack). So, he > can either send the message to the target and himself from your > machine, or he can just telnet to your SMTP server and write the > message by hand.
The server normally adds a "Received:" header with some information unknown to the attacker. Anyway, I've seen that you haven't proposed anything else. Is your point to make Mutt uninstallable on machines without a /dev/random? -- Vincent Lefèvre <vinc...@vinc17.net> - Web: <http://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
