Ticket 151 - strip leading '-' for mailcap sanitize

2019-06-21 Thread Kevin J. McCarthy
noticed that a leading '-' is not stripped from filenames, which could lead to them being interpreted as command arguments. This seems like a good idea, and I'm a bit surprised no one has noticed it before. Perhaps the "expected" behavior is putti

Re: Ticket 151 - strip leading '-' for mailcap sanitize

2019-06-21 Thread Kevin J. McCarthy
On Fri, Jun 21, 2019 at 12:09:19PM -0700, Kevin J. McCarthy wrote: noticed that a leading '-' is not stripped from filenames, which could lead to them being interpreted as command arguments. Just to be clear, the ticket is actually advocating for sa

Re: Ticket 151 - strip leading '-' for mailcap sanitize

2019-06-21 Thread Eike Rathke
Hi Kevin,
On Friday, 2019-06-21 12:09:19 -0700, Kevin J. McCarthy wrote:
> Perhaps the "expected" behavior is putting '--' before the %s, but neither
> the sample mailcap or manual mention that.
Not all programs and tools support the '--' mechanism.
Eike
-- OpenPGP/GnuPG encrypted mail pref

Re: Ticket 151 - strip leading '-' for mailcap sanitize

2019-06-21 Thread Eike Rathke
Hi Kevin,
On Friday, 2019-06-21 12:20:28 -0700, Kevin J. McCarthy wrote:
> Just to be clear, the ticket is actually advocating for sanitizing the
> leading "-", into "_" as other unsafe characters are. I further wonder if
> we should just remove "-" from the whitelist rather than adding a specia

Re: Ticket 151 - strip leading '-' for mailcap sanitize

2019-06-21 Thread Kevin J. McCarthy
On Fri, Jun 21, 2019 at 10:03:23PM +0200, Eike Rathke wrote: I would not like to have all '-' replaced by '_' in attachments (specifically I personally use '-' instead of '_' except when I need some differentiation). It may also complicate things if for some reason the file name is mentioned or r

Re: Ticket 151 - strip leading '-' for mailcap sanitize

2019-06-21 Thread Derek Martin
On Fri, Jun 21, 2019 at 12:09:19PM -0700, Kevin J. McCarthy wrote:
> noticed that a leading
> '-' is not stripped from filenames, which could lead to them being
> interpreted as command arguments.
>
> This seems like a good idea, and I'm a bit surprised

Re: Ticket 151 - strip leading '-' for mailcap sanitize

2019-06-21 Thread Kevin J. McCarthy
On Fri, Jun 21, 2019 at 03:43:57PM -0500, Derek Martin wrote: But regardless, it does beg the question whether, after about 25 years of no one bringing it up, we really need to consider making a change here. I'm not necessarily opposed but as you know, I generally favor a policy of "make change

Re: Ticket 151 - strip leading '-' for mailcap sanitize

2019-06-21 Thread Kevin J. McCarthy
On Fri, Jun 21, 2019 at 02:09:53PM -0700, Kevin J. McCarthy wrote: The issue, though, is that the filename isn't always under the user's control. It has been a very long time without issue, but is there a possibility of program argument abuse that could lead to a security issue here? Bah. T

Re: Ticket 151 - strip leading '-' for mailcap sanitize

2019-06-21 Thread Cameron Simpson
On 21Jun2019 12:20, Kevin J. McCarthy wrote: On Fri, Jun 21, 2019 at 12:09:19PM -0700, Kevin J. McCarthy wrote: noticed that a leading '-' is not stripped from filenames, which could lead to them being interpreted as command arguments. Just to be

Re: Ticket 151 - strip leading '-' for mailcap sanitize

2019-06-21 Thread Cameron Simpson
On 22Jun2019 08:38, Cameron Simpson wrote: Please don't. Add a "./" prefix. That way the filename is unchanged in meaning. If you're _generating_ a scratch filename then avoiding various things is fine, but if you're _using_ a supplied filename then any portion of it may be significant to th