The Mutt Mail User Agent

This is a nifty e-mail client that includes excellent PGP hooks. Other
features include:

- color support
- message threading
- MIME support (including RFC2047 support for encoded headers)
- IMAP (also over SSL) and POP3 support
- support for multiple mailbox formats (mbox, MMDF, MH, maildir)
- highly customizable, including key bindings
- searches using regular expression
- Delivery Status Notification (DSN) support
- PGP/MIME (RFC2015)
- small and efficient

Flavors:
    slang - build using the S-Lang library for screen handling.
    imap - build with IMAP & SSL support.
    pop - build with POP3 support.
    compressed - build with compressed folder support
        (see: http://www.spinnaker.de/mutt/compressed/)
    mixmaster - build with anonymous remailing support.

This is the development version of mutt.

WWW: http://www.mutt.org/
$OpenBSD: SECURITY,v 1.1.1.1 2001/08/20 19:51:53 lebel Exp $

Note: in ${WRKDIR}/rfc1524.c the function mutt_adv_mktemp
uses mktemp, but the resulting name is used much later in
a procedure that does an open with O_CREAT | O_EXCL. If the
open fails an error is reported and the user can try again.
If the open succeeds the fd is used in fdopen to get a FILE.
No security hole that I saw.

If the mktemp is replaced with mkstemp the open will fail as
the named file will exist. In order to use mkstemp the interface
to several functions will have to change so the fd returned by
mkstemp is eventually passed to the function that currently does
the open.

Remember s/mktemp/mkstemp/g does NOT work as the two functions have
different semantics.

${WRKDIR}/rfc1524.c: two calls to mktemp. -turan
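
The difference in semantics described in the note, as an added C example that is not code from mutt or from the port: the same exclusive open by name succeeds when only a name was generated, fails with EEXIST once mkstemp has created the file, and becomes unnecessary when the mkstemp fd is passed on to fdopen. The path template, the `temp_open_result` function and the mode names are assumptions; mkstemp followed by unlink stands in for mktemp to obtain an unused name.

```c
#define _POSIX_C_SOURCE 200809L   /* for mkstemp() and fdopen() */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
/* Added example, not mutt's code; path template and names are constructed. */
#define TEMPLATE "/tmp/mktemp-demo.XXXXXX"
enum mode { NAME_ONLY, MKSTEMP_THEN_OPEN, MKSTEMP_PASS_FD };

/* The later step from the note: exclusive create, then fdopen. */
static int open_excl(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd == -1)
        return errno;                /* EEXIST when the name is taken */
    FILE *fp = fdopen(fd, "w");
    if (fp == NULL) { int e = errno; close(fd); return e; }
    fclose(fp);
    return 0;
}

/* Returns 0 on success or the errno of the step that failed. */
int temp_open_result(enum mode m)
{
    char path[] = TEMPLATE;
    int fd = mkstemp(path);          /* creates the file, returns its fd */
    if (fd == -1)
        return errno;
    if (m == MKSTEMP_PASS_FD) {      /* interface change: hand the fd on */
        FILE *fp = fdopen(fd, "w");
        int rc = fp ? 0 : errno;
        if (fp) fclose(fp); else close(fd);
        unlink(path);
        return rc;
    }
    close(fd);
    if (m == NAME_ONLY)              /* stand-in for mktemp: keep only the name */
        unlink(path);
    int rc = open_excl(path);        /* the unchanged open by name */
    unlink(path);
    return rc;
}

int main(void)
{
    printf("name only: %d, mkstemp then open: %d (EEXIST is %d), fd passed on: %d\n",
           temp_open_result(NAME_ONLY), temp_open_result(MKSTEMP_THEN_OPEN),
           EEXIST, temp_open_result(MKSTEMP_PASS_FD));
    return 0;
}
```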