[Users] Question about a change in Claws Mail 3.17.8
Ricardo Mones
ricardo at mones.org
Sun Oct 25 13:35:45 CET 2020
Hi,
On Sun, Oct 25, 2020 at 01:47:58PM +0200, Liviu Lalescu wrote:
> Dear List,
>
> I use Claws Mail with great satisfaction. Thank you!
You're welcome!
[…]
> In my program I let the user select the external command to be
> executed. Could you please tell me if I should worry about the above
> and change anything in my code?
Select a program from a list of files is no the same as letting the user
input any string as a command. If your program allows modifiying the
command after picking an executable the answer is probably yes,
otherwise probably not. But I'm not a security expert, just MHO.
regards,
--
Ricardo Mones
~
Absence of evidence is not evidence of absence. Carl Sagan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.claws-mail.org/pipermail/users/attachments/20201025/e3fa0b49/attachment.sig>
More information about the Users
mailing list