pan-users
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Pan-users] Re: Save attachment file permissions


From: Duncan
Subject: [Pan-users] Re: Save attachment file permissions
Date: Thu, 19 Feb 2009 11:37:39 +0000 (UTC)
User-agent: Pan/0.133 (House of Butterflies)

Paul Crawford <address@hidden> posted
address@hidden, excerpted below, on  Thu, 19 Feb 2009
09:07:30 +0000:

> I thought about the possible changes to fix this, and it occured that
> there are two options:
> 
> (1) Add the call to UUSetOption (UUOPT_IGNMODE, 1, NULL) somewhere.
> 
> (2) Change line 140 of uulib/uulib.c to have:
> 
> int uu_ignmode = 1;
> 
> (i.e. we make the decoder start-up to safe mode, so anyone wanting POSIX
> has to call UUSetOption to reset the ignore mode).
> 
> First solution works best is uulib is a separate entity from Pan and
> users do not want the default behaviour changed, second is better if
> uulib is integrated and/or could be used by anything else where this
> hole in security could be an issue.

The only binary the pan package includes is pan itself, no libraries, so 
it's using it internally, regardless of the discouragement on using 
internal libraries due to the security headaches when they have a hole 
that needs fixed and one has to figure out how many apps have internal 
versions...

That said, internal or not, keeping the library code as pristine as 
possible should be a goal, so I'd say option 1, adding the call to 
UUSetOption (UUOPT_IGNMODE, 1 NULL) somewhere, is the "correct" solution.

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman





reply via email to

[Prev in Thread] Current Thread [Next in Thread]