From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by olra.theworths.org (Postfix) with ESMTP id A52B6431FAF for ; Thu, 19 Jan 2012 14:25:23 -0800 (PST) X-Virus-Scanned: Debian amavisd-new at olra.theworths.org X-Spam-Flag: NO X-Spam-Score: -0.7 X-Spam-Level: X-Spam-Status: No, score=-0.7 tagged_above=-999 required=5 tests=[RCVD_IN_DNSWL_LOW=-0.7] autolearn=disabled Received: from olra.theworths.org ([127.0.0.1]) by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OyGS15imj5SI for ; Thu, 19 Jan 2012 14:25:23 -0800 (PST) Received: from mail-ww0-f45.google.com (mail-ww0-f45.google.com [74.125.82.45]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by olra.theworths.org (Postfix) with ESMTPS id D6B36431FAE for ; Thu, 19 Jan 2012 14:25:22 -0800 (PST) Received: by wgbdt12 with SMTP id dt12so447008wgb.2 for ; Thu, 19 Jan 2012 14:25:20 -0800 (PST) Received: by 10.180.93.132 with SMTP id cu4mr42157627wib.9.1327011920213; Thu, 19 Jan 2012 14:25:20 -0800 (PST) Received: from localhost ([109.131.97.13]) by mx.google.com with ESMTPS id gy6sm30423674wib.11.2012.01.19.14.25.19 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 19 Jan 2012 14:25:19 -0800 (PST) From: Pieter Praet To: Aaron Ecay , notmuch@notmuchmail.org Subject: Re: [PATCH] emacs: Quote MML tags in replies In-Reply-To: <1326998589-37187-1-git-send-email-aaronecay@gmail.com> References: <1326998589-37187-1-git-send-email-aaronecay@gmail.com> User-Agent: Notmuch/0.11+99~gab86e73 (http://notmuchmail.org) Emacs/23.3.1 (x86_64-unknown-linux-gnu) Date: Thu, 19 Jan 2012 23:23:29 +0100 Message-ID: <87wr8nuyam.fsf@praet.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Jan 2012 22:25:23 -0000 On Thu, 19 Jan 2012 13:43:09 -0500, Aaron Ecay wrote: > Emacs message-mode uses certain text strings to indicate how to attach > files to outgoing mail. If these are present in the text of an email, > and a user is tricked into replying to the message, the user=E2=80=99s fi= les > could be exposed. > --- >=20 > To demonstrate this, open a reply to this message then remove the > exclamation marks after the hash marks below. Create a file in your > home directory called passwd. Then press C-u M-x mml-preview. A > (possibly base64-encoded) version of your ~/passwd file will replace > the following lines: >=20 > <#!part type=3D"application/octet-stream" filename=3D"~/passwd" > disposition=3Dattachment description=3Dfoo> > <#!/part> >=20 > It works equally well (and more dangerously) with /etc/passwd, but I > didn't use that filename here to avoid the danger of someone > accidentally attaching their /etc/passwd to a reply in this thread! >=20 > emacs/notmuch-mua.el | 3 ++- > 1 files changed, 2 insertions(+), 1 deletions(-) >=20 > diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el > index d8ab822..c25c6b9 100644 > --- a/emacs/notmuch-mua.el > +++ b/emacs/notmuch-mua.el > @@ -115,7 +115,8 @@ list." > (push-mark)) > (set-buffer-modified-p nil) >=20=20 > - (message-goto-body)) > + (message-goto-body) > + (mml-quote-region (point) (mark))) >=20=20 > (defun notmuch-mua-forward-message () > (message-forward) > --=20 > 1.7.8.3 >=20 > _______________________________________________ > notmuch mailing list > notmuch@notmuchmail.org > http://notmuchmail.org/mailman/listinfo/notmuch Wow, nice catch! You've just earned yourself a raise! An urgent +1 ! ### OT: For some reason, `mml-quote-region' explicitly re-quotes already quoted MML tags: "<#!*/?\\(multipart\\|part\\|external\\|mml\\)" Why is that ? Peace --=20 Pieter