From: Daniel Stenberg (daniel.stenberg@autodiagnos.se)
Date: Tue Apr 20 1999 - 01:30:00 CDT
Tom von Alten wrote:
> 1) For ease of file management, our local modification of v1 used a
> subdirectory tree for attachments. If message 0123.html had attachments,
> for example, they'd be put into a
> archive/.attachments/0123/
> directory. This would have the side benefit of limiting the scope of
> potential mischief.
Yes, although in the case of ".htaccess" it could make all other attachments
in that mail unreadable.
> 2) If it is desired to keep attachments in a flat directory with the
> archive, a specific set of names (.htaccess is the only one that jumps out
> at me, but no doubt there are others) could be excluded.
We may not find a solution that can avoid the necessety of this feature
anyway. (1) does not remove the need for (2). If an attachment name is found
the "illegal" name list, it could use a randomly generated one instead.
It would even be an easy thing to add.
> 3) The local sysadmin could touch an .htaccess file and set the
permissions
> such that hypermail could not overwrite it. Similarly, for any other
> reserved names.
I'd prefer to avoid this.