Re: [SECURITY] [DSA 644-1] New chbg packages fix arbitrary code execution
Incoming from Rick Moen:
> Quoting David Mandelberg (mandelbergd@eth0.is-a-geek.org):
>
> > Do you mean to say that opening "message.txt\t\t\t.desktop" which
> > happens to be a freedesktop.org compliant launcher for the program "rm
> > -rf $HOME" is safe because it's designed for people running one of the
> > F/OSS products GNOME or KDE on a F/OSS OS?
>
> Please advise this mailing list of which specific Linux or BSD MUA (or
> specific configuration thereof) is willing to execute a received binary
Hi Rick. :-)
Well, even mutt will, if you turn on autoload crap in .muttrc and load
up your .mailcap with stupid helper apps.
Out of the box, no, mutt doesn't do that.
--
Any technology distinguishable from magic is insufficiently advanced.
(*) http://www.spots.ab.ca/~keeling Please don't Cc: me.
- -
Reply to: