Re: [SECURITY] [DSA 644-1] New chbg packages fix arbitrary code execution
Incoming from Rick Moen:
> Quoting s. keeling (keeling@spots.ab.ca):
>
> > Well, even mutt will, if you turn on autoload crap in .muttrc and load
> > up your .mailcap with stupid helper apps.
> >
> > Out of the box, no, mutt doesn't do that.
>
> Ja. We might call the .mailcap scenario the "aim-gun-at-my-foot-please"
Ha!
The problem here is the nitwit factor. Nitwits who are deathly afraid
of having to think about what to do with some obscure file format, want
their app/OS to just fscking handle it and do the right thing. Well,
what app/OS is well known for that sort of behaviour? And what are the
generally expected repercussions? Oh yes. Lookout! and Internet
Exploder, and consequently enabled viruses, worms, trojans, spambots,
spyware, ...
I say again to the original poster, get a better MUA, running on a
better OS. I've no sympathy for your present situation. Attachments
are a valuable feature that your system is unable to take advantage
of. We don't have that problem here. That's why we run Debian.
--
Any technology distinguishable from magic is insufficiently advanced.
(*) http://www.spots.ab.ca/~keeling Please don't Cc: me.
- -
Reply to: