From: Paul Mundt <lethal@ChaoticDreams.ORG>
To: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: john slee <indigoid@higherplane.net>, linux-kernel@vger.kernel.org
Subject: Re: Test mail
Date: Mon, 30 Jul 2001 05:23:02 -0700 [thread overview]
Message-ID: <20010730052302.A17736@ChaoticDreams.ORG> (raw)
In-Reply-To: <20010730050749.A17726@ChaoticDreams.ORG> <E15RBxB-0003fv-00@the-village.bc.nu>
In-Reply-To: <E15RBxB-0003fv-00@the-village.bc.nu>; from alan@lxorguk.ukuu.org.uk on Mon, Jul 30, 2001 at 01:15:21PM +0100
On Mon, Jul 30, 2001 at 01:15:21PM +0100, Alan Cox wrote:
> > > ELM, Pine and Mutt have all at various times had holes that could have been
> > > used to write an exact Unix equivalent of the windows virus.
> > > <img src="file:/dev/mouse"> hangs some web browser email 4 years after the
> > > bug was reported and so on...
> > >
> > This all goes back to opening things blindly, and also ties in the issue of
> > HTML aware email clients.
>
> Most exploits are header parsing flaws, HTML email is irrelevant to this
> discussion.
>
Parsing an <img> tag certainly seems to make HTML email relevant...
> > Mail clients should simply be dealing with plain text. As soon as things like
> > HTML support are introduced into the client, you have the same sort of
> > problems that you do with easily exploitable web browsers.
>
> No. Most of them are header parsing flaws, they worked with plain text
> email just fine. In fact HTML parsing vulnerabilities (other than privacy
> violations) are pretty rare.
>
There are far fewer header parsing exploits floating around then there are
users executing things of an unknown origin and unknowingly sending copies of
said thing to everyone in their address book.
While header parsing exploits are indeed an issue, they hardly make up the
bulk of these sort of exploits.
Things like Elm, Pine, and Mutt can be as exploitable as anything else as far
as header parsing issues are concerned. They still account for far less
of the problems than things like Outlook do.
Regards,
--
Paul Mundt <lethal@chaoticdreams.org>
next prev parent reply other threads:[~2001-07-30 12:23 UTC|newest]
Thread overview: 119+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-07-29 22:20 Test mail Mailing Server
2001-07-30 1:50 ` Test mail :: DO NOT FSKING OPEN THE ATTACHMENT God
2001-07-30 3:24 ` Michael Rothwell
2001-07-30 15:45 ` Jim Potter
2001-07-30 1:53 ` Test mail Anton Altaparmakov
2001-07-30 4:02 ` Rik van Riel
2001-07-30 6:09 ` Paul G. Allen
2001-07-30 6:28 ` Paul G. Allen
2001-07-30 7:10 ` Lew Wolfgang
2001-07-30 8:41 ` Paul G. Allen
2001-07-31 23:08 ` Dr. Kelsey Hudson
2001-07-30 9:45 ` Chris Crowther
2001-07-30 6:29 ` Alexander V. Bilichenko
2001-07-30 11:07 ` Paul Mundt
2001-07-30 11:45 ` john slee
2001-07-30 11:46 ` Alan Cox
2001-07-30 12:07 ` Paul Mundt
2001-07-30 12:15 ` Alan Cox
2001-07-30 12:23 ` Paul Mundt [this message]
2001-07-30 12:51 ` Alan Cox
2001-07-30 7:28 ` Riley Williams
2001-07-30 16:17 ` christophe barbé
2001-07-30 16:32 ` Ignacio Vazquez-Abrams
2001-07-30 17:22 ` Albert D. Cahalan
2001-07-30 17:38 ` Ignacio Vazquez-Abrams
2001-07-30 18:20 ` Justin Guyett
2001-07-30 21:14 ` Horst von Brand
2001-07-31 7:27 ` Ragnar Hojland Espinosa
2001-07-30 19:21 ` Colonel
2001-07-30 17:56 ` Jim Potter
2001-07-30 18:00 ` Mike Galbraith
2001-08-01 0:18 ` Dr. Kelsey Hudson
2001-08-01 11:56 ` szonyi calin
2001-07-30 17:25 ` Jakob Østergaard
2001-07-31 12:27 ` Matti Aarnio
2001-07-31 18:02 ` Virii on vger.kernel.org lists Riley Williams
2001-07-31 18:12 ` OT: " Craig Milo Rogers
2001-07-31 19:12 ` William Scott Lockwood III
2001-07-31 21:30 ` OT: " Paul G. Allen
2001-07-31 22:17 ` Riley Williams
2001-07-31 22:31 ` Thomas Duffy
2001-07-31 22:33 ` Craig Milo Rogers
2001-07-31 23:06 ` Riley Williams
2001-08-02 15:27 ` Alan Cox
2001-07-31 22:47 ` Alan Shutko
2001-08-01 21:07 ` Dr. Kelsey Hudson
2001-08-01 21:15 ` Alexander Viro
2001-08-01 21:57 ` J . A . Magallon
2001-08-02 5:38 ` Paul G. Allen
2001-08-02 5:44 ` Miles Lane
2001-08-02 13:49 ` john slee
2001-08-02 0:27 ` Alan Cox
2001-08-01 21:20 ` Justin Guyett
2001-08-02 1:57 ` Paul G. Allen
2001-08-07 15:07 ` Dick Streefland
2001-07-31 19:01 ` Kent Borg
2001-07-31 19:18 ` William Scott Lockwood III
2001-07-31 21:27 ` Ian Stirling
2001-07-31 21:50 ` William Scott Lockwood III
2001-07-31 22:49 ` Alan Olsen
2001-07-31 22:41 ` Riley Williams
2001-07-31 22:54 ` [OT] " William Scott Lockwood III
2001-07-31 23:19 ` Riley Williams
2001-07-31 23:31 ` William Scott Lockwood III
2001-07-31 23:30 ` Riley Williams
2001-07-31 23:51 ` [OT] Virii (sic) Guest section DW
2001-08-01 4:03 ` PCMCIA IDE_CS in 2.4.7 Alan Olsen
2001-08-01 3:37 ` Keith Owens
2001-08-01 5:42 ` Alan Olsen
2001-08-02 14:18 ` Alan Cox
2001-08-02 19:07 ` Alan Olsen
2001-08-02 17:58 ` Alan Cox
2001-08-02 19:21 ` Alan Olsen
2001-08-02 20:48 ` Alan Olsen
2001-08-16 0:04 ` Paul Mackerras
2001-08-01 6:58 ` [OT] Virii (sic) Riley Williams
2001-08-01 8:13 ` [Ridiculously OT] " David Huen
2001-08-02 7:33 ` Riley Williams
2001-08-02 10:04 ` Manfred Bartz
2001-08-01 8:56 ` [OT] " Nadav Har'El
2001-08-01 9:13 ` Alessandro Suardi
2001-08-01 10:38 ` Wakko Warner
2001-08-01 10:44 ` Jean-Luc
2001-08-02 1:57 ` Johan Kullstam
2001-08-01 10:03 ` Vojtech Pavlik
2001-08-02 3:46 ` Rik van Riel
2001-07-31 22:00 ` Virii on vger.kernel.org lists Matti Aarnio
2001-07-31 22:16 ` William Scott Lockwood III
2001-08-01 10:49 ` Dominik Kubla
2001-08-01 11:04 ` Dominik Kubla
2001-07-30 18:32 Test mail Torrey Hoffman
2001-07-30 19:19 ` Albert D. Cahalan
2001-07-30 18:33 ` Gregory Maxwell
2001-07-30 22:15 ` Jan Nieuwenhuizen
2001-07-31 8:27 ` christophe barbé
2001-07-31 11:44 ` William Scott Lockwood III
2001-07-30 19:32 Torrey Hoffman
2001-07-30 19:59 Per Jessen
2001-07-30 20:23 ` William Scott Lockwood III
2001-07-31 8:34 ` christophe barbé
2001-07-31 11:42 ` William Scott Lockwood III
2001-07-31 12:09 ` christophe barbé
2001-07-31 12:53 ` Alexander V. Bilichenko
2001-07-30 20:22 Per Jessen
2001-07-30 21:19 ` Admin Mailing Lists
2003-06-04 0:43 fix TCP roundtrip time update code kuznet
2003-06-04 2:01 ` Nivedita Singhvi
2003-06-04 3:23 ` David S. Miller
2003-06-04 4:35 ` David Mosberger
2003-06-04 4:40 ` Nivedita Singhvi
2003-06-04 5:34 ` David Mosberger
2003-06-04 6:04 ` Nivedita Singhvi
2003-06-04 7:21 ` test mail panchi
2003-11-06 8:13 Test mail ashok
2004-03-24 6:17 test mail Dinesh Kumar
2006-06-07 10:15 Adhiraj
2006-07-11 10:38 Chinmaya Mishra
2008-11-24 11:58 Pradeep G
2014-02-05 0:36 Test mail Rajat Jain
2014-04-14 1:04 test mail Pranith Kumar
2015-08-05 7:15 Test mail LIYONG
2017-11-29 1:35 Bruce Chang (VAS)
2017-11-29 1:50 Test Mail Tim Guo(BJ-RD)
2018-04-20 17:57 test mail Jeffrin Thalakkottoor
2020-11-11 9:32 IT Department
2021-11-16 4:47 Hoi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20010730052302.A17736@ChaoticDreams.ORG \
--to=lethal@chaoticdreams.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=indigoid@higherplane.net \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).