From: Ron Brogden (rb@islandnet.com)
Date: Fri Apr 16 1999 - 19:28:11 CDT
At 05:14 PM 4/16/99 -0600, you wrote:
>There may be cases where attachments are inappropriate for an archived list,
>but for my purposes they are essential. Sending anything potentially
>untoward to /dev/null is an interesting concept, but not one I want in an
>MTA.
What I am worried about is the ease with which this could lead to scenarios
like remote users creating troublesome ".htaccess" files or malicious
binaries. It looks like Hypermail strips out "/" when it saves the file
(so they cannot happily roam about) and does not overwrite files but I just
managed to make a test archive inaccessible by sending an attachement
called ".htaccess" with garbage in it (I could have done more like adding a
new CGI-BIN directory but this was just a test).
I can understand why some folks would want attachements but there should at
least be an easy way to turn them off or use the standard behaviour of
"disable *except* for . . ." instead of having everything allowed by
default and no way to disable it.
IMHO anyways.
Thanks for the response and hope someone can suggest what to hack to fix this.
Cheers
-----------------------------------------------------------------------------
Island Net AMT Solutions Group Inc. Telephone: 250 383-0096
1412 Quadra Toll Free: 1 800 331-3055
Victoria, B.C. Fax: 250 383-6698
V8W 2L1 E-Mail: support@islandnet.com
Canada WWW: http://www.islandnet.com/
-----------------------------------------------------------------------------