[Users] That won't work.
wwp
subscript at free.fr
Tue Oct 13 16:46:24 CEST 2020
Hello,
On Tue, 13 Oct 2020 15:11:23 +0100 "Jeremy Nicoll" <jn.ml.clwm.729 at letterboxes.org> wrote:
> On Tue, 13 Oct 2020, at 11:12, Paul wrote:
>
> > On Tue, 13 Oct 2020 11:55:10 +0200
> > Michal Suchánek <msuchanek at suse.de> wrote:
> >
> > > In my view there is no way to use templates with commands safely in
> > > Claws.
> >
> > Of course there is. But obviously using random input is foolish.
>
> The "random input" in the examples is the contents of a header
> in the email that's being processed.
>
> Are you saying that no scripted processing of emails is safe?
Safety is something vague that navigates between caution and stupidity
(or innocence). Malicious data passed to an external script/program can
cause terrific damages, if the script/programs makes terrible things w/
data it receives. I think that our point here is to determine if Claws
Mail may execute malicious commands that are placed in header values or
not because of the way it executes the external command and passes data
to it. What the external script does is off-topic.
Regards,
--
wwp
https://useplaintext.email/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.claws-mail.org/pipermail/users/attachments/20201013/ac5c3489/attachment.sig>
More information about the Users
mailing list