[Users] Question about a change in Claws Mail 3.17.8

Ricardo Mones ricardo at mones.org
Sun Oct 25 13:35:45 CET 2020


Hi,

On Sun, Oct 25, 2020 at 01:47:58PM +0200, Liviu Lalescu wrote:
> Dear List,
> 
> I use Claws Mail with great satisfaction. Thank you!

You're welcome!

[…]
> In my program I let the user select the external command to be
> executed. Could you please tell me if I should worry about the above
> and change anything in my code?

Select a program from a list of files is no the same as letting the user
input any string as a command. If your program allows modifiying the
command after picking an executable the answer is probably yes,
otherwise probably not. But I'm not a security expert, just MHO.

regards,
-- 
  Ricardo Mones 
  ~
  Absence of evidence is not evidence of absence.          Carl Sagan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.claws-mail.org/pipermail/users/attachments/20201025/e3fa0b49/attachment.sig>


More information about the Users mailing list