Bug#950319: libreoffice: filename replacements in mime entries for mailcap must not be quoted within the given command
block 950319 by 928037
thanks
On Sat, Feb 01, 2020 at 08:21:20AM +0100, Frank Loeffler wrote:
> in the mailcap is able to prevent shell escapes. This is why the replacing
> program must be the one doing this. Thus, if any tool using mailcap does not
> quote filenames properly and only relies on mailcap to do it for them, that
> would be a (security) bug within that tool.
Yes, and what happens if the MUA does not do that? Then we would
exchange one problem for another? And given that the actual user base of
LO will probably use more GUI MUAs than mutt I'd prefer if they keep
working.
> I agree that this is confusing. I commented on a related bug within mutt
Indeed.
> first, only later realizing that mutt actually does it the right way.
> #928037 contains thoughts about this, including links to other threads, that
> show the problem from a more or less neutral view. This is why #928037
> exists: the RFC is rather unhelpful and other documentation does not really
> show users how those entries should be handled, right now.
Let's wait and see what comes out of 928037 then...
Regards,
Rene
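
Added example, not part of the original thread or of any package discussed in it: a sketch of the consumer-side quoting the bug title refers to, and of what happens when a mailcap entry also quotes %s itself. The command name example-viewer, the function names and the sample filename are constructed; only %s is handled, other mailcap fields are ignored.

```python
import re
import shlex

# Matches a %s that the mailcap entry itself wraps in single or double quotes.
QUOTED_PLACEHOLDER = re.compile(r"""(['"])%s\1""")


def has_quoted_placeholder(command_template):
    """True when the mailcap entry quotes %s on its own."""
    return bool(QUOTED_PLACEHOLDER.search(command_template))


def substitute_quoted(command_template, filename):
    """Replace %s with the shell-quoted filename, without inspecting the entry."""
    return command_template.replace("%s", shlex.quote(filename))


def expand(command_template, filename):
    """Consumer-side expansion that refuses entries which quote %s themselves,
    because the two layers of quoting would cancel each other out."""
    if has_quoted_placeholder(command_template):
        raise ValueError("mailcap entry quotes %s; expected a bare %s")
    return substitute_quoted(command_template, filename)


def argv_after_shell_parsing(command):
    """Split with POSIX quoting rules only; nothing is executed or expanded."""
    return shlex.split(command)


if __name__ == "__main__":
    name = "my file.odt"  # constructed sample filename containing a space

    # Bare %s in the entry, quoting done by the consumer: one argument.
    good = expand("example-viewer %s", name)
    print(good, "->", argv_after_shell_parsing(good))

    # Entry quotes %s and the consumer quotes too: the quotes pair up as
    # '' + my file.odt + '' and the filename is split into two words.
    doubled = substitute_quoted("example-viewer '%s'", name)
    print(doubled, "->", argv_after_shell_parsing(doubled))
```
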