[Users] That won't work.
Dave Howorth
dave at howorth.org.uk
Mon Oct 12 21:36:59 CEST 2020
On Mon, 12 Oct 2020 12:20:47 +0200
Ralf Mardorf via Users <users at lists.claws-mail.org> wrote:
> On Mon, 12 Oct 2020 10:56:35 +0100, Dave Howorth wrote:
> >I think you're misunderstanding the scenario. Which is that *you*
> >have used claws facilities to install a script that *you* have
> >written or obtained from elsewhere.
>
> Write a secure script and don't use a script obtained from elsewhere,
> problem solved!
You're definitely not understanding the problem. Please read again the
bit about "a script that *you* have written" and engage the brain and
try to understand the whole picture. Given the way the script is
invoked, it doesn't make any difference how securely the script is
written. It never gets to see the evil part of the payload. That's the
problem.
> I can't notice a Claws bug, when you use a broken
> script, to customize Claws. If you don't have got the skills to write
> a secure script, than don't do it.
Again, you've missed the point.
PS Don't copy me on any reply.
> An illegal weapons dealer probably wants that her script allows to
> remotely delete everything.
> _______________________________________________
> Users mailing list
> Users at lists.claws-mail.org
> https://lists.claws-mail.org/cgi-bin/mailman/listinfo/users
More information about the Users
mailing list