From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by olra.theworths.org (Postfix) with ESMTP id E988B431FAF for ; Thu, 19 Jan 2012 14:46:51 -0800 (PST) X-Virus-Scanned: Debian amavisd-new at olra.theworths.org X-Spam-Flag: NO X-Spam-Score: -0.7 X-Spam-Level: X-Spam-Status: No, score=-0.7 tagged_above=-999 required=5 tests=[RCVD_IN_DNSWL_LOW=-0.7] autolearn=disabled Received: from olra.theworths.org ([127.0.0.1]) by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bhTHR+sfb31L for ; Thu, 19 Jan 2012 14:46:51 -0800 (PST) Received: from dmz-mailsec-scanner-3.mit.edu (DMZ-MAILSEC-SCANNER-3.MIT.EDU [18.9.25.14]) by olra.theworths.org (Postfix) with ESMTP id 6A7D4431FAE for ; Thu, 19 Jan 2012 14:46:51 -0800 (PST) X-AuditID: 1209190e-b7f7c6d0000008c3-9d-4f189d5b5e2f Received: from mailhub-auth-2.mit.edu ( [18.7.62.36]) by dmz-mailsec-scanner-3.mit.edu (Symantec Messaging Gateway) with SMTP id 77.7C.02243.B5D981F4; Thu, 19 Jan 2012 17:46:51 -0500 (EST) Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103]) by mailhub-auth-2.mit.edu (8.13.8/8.9.2) with ESMTP id q0JMkoMT028908; Thu, 19 Jan 2012 17:46:50 -0500 Received: from awakening.csail.mit.edu (awakening.csail.mit.edu [18.26.4.91]) (authenticated bits=0) (User authenticated as amdragon@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.6/8.12.4) with ESMTP id q0JMknXU016350 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NOT); Thu, 19 Jan 2012 17:46:50 -0500 (EST) Received: from amthrax by awakening.csail.mit.edu with local (Exim 4.77) (envelope-from ) id 1Ro0kZ-0004Ix-RR; Thu, 19 Jan 2012 17:46:31 -0500 Date: Thu, 19 Jan 2012 17:46:31 -0500 From: Austin Clements To: Aaron Ecay , Pieter Praet Subject: Re: [PATCH] emacs: Quote MML tags in replies Message-ID: <20120119224631.GR16740@mit.edu> References: <1326998589-37187-1-git-send-email-aaronecay@gmail.com> <87wr8nuyam.fsf@praet.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <87wr8nuyam.fsf@praet.org> User-Agent: Mutt/1.5.21 (2010-09-15) X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrKKsWRmVeSWpSXmKPExsUixG6nohs9V8LfYNVLTotpy7+wW1y/OZPZ 4vfrG8wOzB47Z91l93i26hazR8e+y6wBzFFcNimpOZllqUX6dglcGSe3tDIW7OOvOH1jEksD 43SeLkZODgkBE4m2jbOZIGwxiQv31rN1MXJxCAnsY5To6dvHAuFsYJRYu7CNHcI5ySQx4Xg/ E4SzhFGit3cCUA8HB4uAqsSZJdEgo9gENCS27V/OCGKLCLhKbPu4jh3EZhaQlvj2uxlsnbCA qcTrrafBangFdCTerT4OViMkkCBx+fw/Zoi4oMTJmU9YIHrVJf7Mu8QMsgpkzvJ/HBBheYnm rbPByjmBSn5c/w42UlRARWLKyW1sExiFZyGZNAvJpFkIk2YhmbSAkWUVo2xKbpVubmJmTnFq sm5xcmJeXmqRrrFebmaJXmpK6SZGUGxwSvLtYPx6UOkQowAHoxIPL6erhL8Qa2JZcWXuIUZJ DiYlUV7tOUAhvqT8lMqMxOKM+KLSnNTiQ4wSHMxKIrwNfUA53pTEyqrUonyYlDQHi5I4r5rW Oz8hgfTEktTs1NSC1CKYrAwHh5IE70qQoYJFqempFWmZOSUIaSYOTpDhPEDDF4LU8BYXJOYW Z6ZD5E8xKkqJ8x4DSQiAJDJK8+B6YanrFaM40CvCvLdAqniAaQ+u+xXQYCagwR5NYiCDSxIR UlINjLN9r7P/1Kvf5bdw5bP4E8cVFrIVfZ4gN1Go41N86dYrl+PEQpU6xIStSzq7YracO1zt bPU97apavuRnVuepudKL/5ZHp0hfelOm4dDfZvZv7mQjhk1dx4Jmukxmn/bqhwurlnHMgVzl qS+/SVWZ3TLw5jR8G6Ccuy48NFx564ITDK9rOyPllFiKMxINtZiLihMBFJlgajgDAAA= Cc: notmuch@notmuchmail.org X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Jan 2012 22:46:52 -0000 Quoth Pieter Praet on Jan 19 at 11:23 pm: > On Thu, 19 Jan 2012 13:43:09 -0500, Aaron Ecay wrote: > > Emacs message-mode uses certain text strings to indicate how to attach > > files to outgoing mail. If these are present in the text of an email, > > and a user is tricked into replying to the message, the user’s files > > could be exposed. > > --- > > > > To demonstrate this, open a reply to this message then remove the > > exclamation marks after the hash marks below. Create a file in your > > home directory called passwd. Then press C-u M-x mml-preview. A > > (possibly base64-encoded) version of your ~/passwd file will replace > > the following lines: > > > > <#!part type="application/octet-stream" filename="~/passwd" > > disposition=attachment description=foo> > > <#!/part> > > > > It works equally well (and more dangerously) with /etc/passwd, but I > > didn't use that filename here to avoid the danger of someone > > accidentally attaching their /etc/passwd to a reply in this thread! > > > > emacs/notmuch-mua.el | 3 ++- > > 1 files changed, 2 insertions(+), 1 deletions(-) > > > > diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el > > index d8ab822..c25c6b9 100644 > > --- a/emacs/notmuch-mua.el > > +++ b/emacs/notmuch-mua.el > > @@ -115,7 +115,8 @@ list." > > (push-mark)) > > (set-buffer-modified-p nil) > > > > - (message-goto-body)) > > + (message-goto-body) > > + (mml-quote-region (point) (mark))) > > > > (defun notmuch-mua-forward-message () > > (message-forward) > > Wow, nice catch! You've just earned yourself a raise! Indeed. > An urgent +1 ! > > > ### OT: > For some reason, `mml-quote-region' explicitly re-quotes > already quoted MML tags: > > "<#!*/?\\(multipart\\|part\\|external\\|mml\\)" > > Why is that ? Probably so the transformation is invertible, though as far as I can tell there's no mml-unquote-region.