From: Aaron Ecay <aaronecay@gmail.com>
To: notmuch@notmuchmail.org
Subject: [PATCH] emacs: Quote MML tags in replies
Date: Thu, 19 Jan 2012 13:43:09 -0500 [thread overview]
Message-ID: <1326998589-37187-1-git-send-email-aaronecay@gmail.com> (raw)
Emacs message-mode uses certain text strings to indicate how to attach
files to outgoing mail. If these are present in the text of an email,
and a user is tricked into replying to the message, the user’s files
could be exposed.
---
To demonstrate this, open a reply to this message then remove the
exclamation marks after the hash marks below. Create a file in your
home directory called passwd. Then press C-u M-x mml-preview. A
(possibly base64-encoded) version of your ~/passwd file will replace
the following lines:
<#!part type="application/octet-stream" filename="~/passwd"
disposition=attachment description=foo>
<#!/part>
It works equally well (and more dangerously) with /etc/passwd, but I
didn't use that filename here to avoid the danger of someone
accidentally attaching their /etc/passwd to a reply in this thread!
emacs/notmuch-mua.el | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el
index d8ab822..c25c6b9 100644
--- a/emacs/notmuch-mua.el
+++ b/emacs/notmuch-mua.el
@@ -115,7 +115,8 @@ list."
(push-mark))
(set-buffer-modified-p nil)
- (message-goto-body))
+ (message-goto-body)
+ (mml-quote-region (point) (mark)))
(defun notmuch-mua-forward-message ()
(message-forward)
--
1.7.8.3
next reply other threads:[~2012-01-19 18:43 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-01-19 18:43 Aaron Ecay [this message]
2012-01-19 22:23 ` [PATCH] emacs: Quote MML tags in replies Pieter Praet
2012-01-19 22:46 ` Austin Clements
2012-01-19 22:52 ` Aaron Ecay
2012-01-19 23:19 ` Pieter Praet
2012-01-19 22:48 ` Austin Clements
2012-01-19 22:56 ` Aaron Ecay
2012-01-19 23:21 ` Pieter Praet
2012-01-20 3:26 ` Aaron Ecay
2012-01-22 6:39 ` Pieter Praet
2012-01-26 19:16 ` Austin Clements
2012-01-29 6:07 ` [PATCH 1/2] emacs: Add tests for quoting of " Aaron Ecay
2012-01-29 6:07 ` [PATCH 2/2] emacs: Quote " Aaron Ecay
2012-01-30 8:23 ` Tomi Ollila
2012-01-30 21:15 ` [PATCH 1/2] emacs: Add tests for quoting of " David Bremner
2012-01-20 7:33 ` [PATCH] emacs: Quote " David Edmondson
2012-01-20 12:14 ` David Bremner
2012-02-01 2:49 ` emacs: quote " Dmitry Kurochkin
2012-02-01 2:49 ` [PATCH v3 1/2] test: add tests for quoting of " Dmitry Kurochkin
2012-02-01 13:54 ` [PATCH v4 " Pieter Praet
2012-02-01 20:36 ` [PATCH v5 " Pieter Praet
2012-02-01 2:49 ` [PATCH v3 2/2] emacs: quote " Dmitry Kurochkin
2012-02-01 13:51 ` Pieter Praet
2012-02-01 14:18 ` Dmitry Kurochkin
2012-02-01 20:35 ` Pieter Praet
2012-02-01 20:37 ` [PATCH] test: replace occurrences of $PWD with vars that are more stable Pieter Praet
2012-02-01 23:09 ` Dmitry Kurochkin
2012-02-03 10:20 ` Pieter Praet
2012-02-03 10:28 ` Dmitry Kurochkin
2012-02-25 13:54 ` David Bremner
2012-02-02 4:01 ` David Bremner
2012-02-02 4:01 ` [PATCH v4 1/2] test: add tests for quoting of MML tags in replies David Bremner
2012-02-02 4:01 ` [PATCH v4 2/2] emacs: quote " David Bremner
2012-02-03 10:22 ` Pieter Praet
2012-02-03 10:24 ` [PATCH v6 1/3] test: add tests for quoting of MML tags in replies Pieter Praet
2012-02-03 10:24 ` [PATCH v6 2/3] emacs: quote " Pieter Praet
2012-02-03 10:24 ` [PATCH v6 3/3] post-merge fixes Pieter Praet
2012-02-04 19:05 ` David Bremner
2012-02-03 12:54 ` MML Quoting patches David Bremner
2012-02-03 14:28 ` Pieter Praet
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://notmuchmail.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1326998589-37187-1-git-send-email-aaronecay@gmail.com \
--to=aaronecay@gmail.com \
--cc=notmuch@notmuchmail.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://yhetil.org/notmuch.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).