Re: [SECURITY] [DSA 076-1] New most packages available
On Tue, Sep 18, 2001 at 05:22:41PM -0400, Andres Salomon <email@example.com> wrote:
> On Tue, Sep 18, 2001 at 05:01:59PM -0400, Aaron M. Ucko wrote:
> > Andres Salomon <firstname.lastname@example.org> writes:
> > > How is this a remote exploit?
> > If I know somebody uses most as a pager for mail, I can send him or
> > her a specially-formatted message which will do various nasty things
> > to his or her account.
> Aside from the fact that it's a pretty big IF; I'm not aware of too many
> mail clients that use pagers. mutt uses vi, pine uses pico, X based MUAs
> certainly don't use most.. perhaps mail(x) or something similar use
> it, but that's not all too common. Certainly not enough, IMO, to classify
> this as a remote exploit.
Mutt uses a builtin pager by default. An external pager can be
specified using the 'pager' variable in the muttrc file. You're
thinking of the editor.
Tim van Erven