From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by olra.theworths.org (Postfix) with ESMTP id 3CF57431FAF for ; Thu, 19 Jan 2012 14:49:03 -0800 (PST) X-Virus-Scanned: Debian amavisd-new at olra.theworths.org X-Spam-Flag: NO X-Spam-Score: -0.7 X-Spam-Level: X-Spam-Status: No, score=-0.7 tagged_above=-999 required=5 tests=[RCVD_IN_DNSWL_LOW=-0.7] autolearn=disabled Received: from olra.theworths.org ([127.0.0.1]) by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ctbGRv2IfY8h for ; Thu, 19 Jan 2012 14:49:02 -0800 (PST) Received: from dmz-mailsec-scanner-6.mit.edu (DMZ-MAILSEC-SCANNER-6.MIT.EDU [18.7.68.35]) by olra.theworths.org (Postfix) with ESMTP id B0E2E431FAE for ; Thu, 19 Jan 2012 14:49:02 -0800 (PST) X-AuditID: 12074423-b7f9c6d0000008c3-42-4f189ddef878 Received: from mailhub-auth-1.mit.edu ( [18.9.21.35]) by dmz-mailsec-scanner-6.mit.edu (Symantec Messaging Gateway) with SMTP id D1.60.02243.EDD981F4; Thu, 19 Jan 2012 17:49:02 -0500 (EST) Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103]) by mailhub-auth-1.mit.edu (8.13.8/8.9.2) with ESMTP id q0JMn1dp012614; Thu, 19 Jan 2012 17:49:02 -0500 Received: from awakening.csail.mit.edu (awakening.csail.mit.edu [18.26.4.91]) (authenticated bits=0) (User authenticated as amdragon@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.6/8.12.4) with ESMTP id q0JMn0kX017101 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NOT); Thu, 19 Jan 2012 17:49:01 -0500 (EST) Received: from amthrax by awakening.csail.mit.edu with local (Exim 4.77) (envelope-from ) id 1Ro0mg-0004JD-TU; Thu, 19 Jan 2012 17:48:42 -0500 Date: Thu, 19 Jan 2012 17:48:42 -0500 From: Austin Clements To: Aaron Ecay Subject: Re: [PATCH] emacs: Quote MML tags in replies Message-ID: <20120119224842.GS16740@mit.edu> References: <1326998589-37187-1-git-send-email-aaronecay@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <1326998589-37187-1-git-send-email-aaronecay@gmail.com> User-Agent: Mutt/1.5.21 (2010-09-15) X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprNKsWRmVeSWpSXmKPExsUixCmqrHtvroS/wbp+aYtpy7+wW1y/OZPZ gclj56y77B7PVt1iDmCK4rJJSc3JLEst0rdL4Mq42rWCqeAcb8XkyX/ZGxg/cnUxcnJICJhI nD/6ignCFpO4cG89WxcjF4eQwD5GicsTjrNDOBsYJSa+n8UC4Zxkkjj5+yuUs4RR4tqC5Yxd jBwcLAKqEnt3h4KMYhPQkNi2HyTMySEioCIxe958MJtZQFri2+9msHXCAqYSr7eeBovzCuhI bGyfzAZiCwk4SzROnMECEReUODnzCQtEr7rEn3mXmEFWgcxZ/o8DIiwv0bx1NjOIzSngIrHm XSeYLQq0dsrJbWwTGIVnIZk0C8mkWQiTZiGZtICRZRWjbEpulW5uYmZOcWqybnFyYl5eapGu mV5uZoleakrpJkZQHLC7KO9g/HNQ6RCjAAejEg8vp6uEvxBrYllxZe4hRkkOJiVRXu05QCG+ pPyUyozE4oz4otKc1OJDjBIczEoivA19QDnelMTKqtSifJiUNAeLkjivhtY7PyGB9MSS1OzU 1ILUIpisDAeHkgSvAjDehQSLUtNTK9Iyc0oQ0kwcnCDDeYCGJ4HU8BYXJOYWZ6ZD5E8xKkqJ 8xaAJARAEhmleXC9sDT1ilEc6BVh3lCQKh5gioPrfgU0mAlosEeTGMjgkkSElFQDY9wytdkS jy0i7DallRvySpe8bwk8ufI2A29ZbvFGxx+FT+Zf03quUL86rVZ/dvilWte6Qskp0qczy3eZ /xB53/K3KUWdZVpi5fYv+oKby++x1My78/9A+cJ+m80r96aZmi2/b/baaGoXv67wJcXeksDz lzddnNO7ekE73/rdXI5a39+tZbcJV2Ipzkg01GIuKk4EAGRSqSQuAwAA Cc: notmuch@notmuchmail.org X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Jan 2012 22:49:03 -0000 LGTM and I think it could go in despite my two comments below. Quoth Aaron Ecay on Jan 19 at 1:43 pm: > Emacs message-mode uses certain text strings to indicate how to attach > files to outgoing mail. If these are present in the text of an email, > and a user is tricked into replying to the message, the user’s files > could be exposed. > --- > > To demonstrate this, open a reply to this message then remove the > exclamation marks after the hash marks below. Create a file in your > home directory called passwd. Then press C-u M-x mml-preview. A > (possibly base64-encoded) version of your ~/passwd file will replace > the following lines: > > <#!part type="application/octet-stream" filename="~/passwd" > disposition=attachment description=foo> > <#!/part> > > It works equally well (and more dangerously) with /etc/passwd, but I > didn't use that filename here to avoid the danger of someone > accidentally attaching their /etc/passwd to a reply in this thread! > > emacs/notmuch-mua.el | 3 ++- > 1 files changed, 2 insertions(+), 1 deletions(-) > > diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el > index d8ab822..c25c6b9 100644 > --- a/emacs/notmuch-mua.el > +++ b/emacs/notmuch-mua.el > @@ -115,7 +115,8 @@ list." > (push-mark)) > (set-buffer-modified-p nil) > > - (message-goto-body)) > + (message-goto-body) > + (mml-quote-region (point) (mark))) Did you consider using point-max instead of mark? IIRC, that mark was very recently introduced which, perhaps irrationally, makes it seem less future-proof to me. > > (defun notmuch-mua-forward-message () > (message-forward) Speaking of future-proofing, it would be good to have a test.