[Users] Question about a change in Claws Mail 3.17.8
Liviu Lalescu
liviu-cm at lalescu.ro
Sun Oct 25 13:43:20 CET 2020
Hello,
Thank you for the answer!
On Sun, 25 Oct 2020 13:35:45 +0100
Ricardo Mones <ricardo at mones.org> wrote:
> Hi,
>
> On Sun, Oct 25, 2020 at 01:47:58PM +0200, Liviu Lalescu wrote:
> > Dear List,
> >
> > I use Claws Mail with great satisfaction. Thank you!
>
> You're welcome!
>
> […]
> > In my program I let the user select the external command to be
> > executed. Could you please tell me if I should worry about the above
> > and change anything in my code?
>
> Select a program from a list of files is no the same as letting the
> user input any string as a command. If your program allows modifiying
> the command after picking an executable the answer is probably yes,
> otherwise probably not. But I'm not a security expert, just MHO.
My program allows any string to be selected as an external command to
be executed after finishing the operation. So I should worry.
I tried to understand the Claws Mail description of the fix and the C++
code, but I could not, for now. Maybe somebody can help me with this?
(my program is designed for GNU/Linux, Windows, and Mac OS X.)
>
> regards,
More information about the Users
mailing list