rlk@think.COM (Robert Krawitz) (06/24/87)
[came from comp.emacs, but not clear just where to post it. But I
consider this a "bug" in "4bsd"...]
In article <7181@mimsy.UUCP> chris@mimsy.UUCP (Chris Torek) writes:
...long description of $henry omitted...
]4.3BSD Mail always acts as though the henry flag were set. Sigh.
]Next thing you know someone will change the name of the `BUGS'
]manual section to `RESTRICTIONS'. . . . :-)
It's terribly annoying for the tilde escapes to "work" when I'm trying
to pipe something into Mail from rn, for example. When I'm doing
this, I *REALLY* don't want ~ escapes to do random things, since I
want the whole article, not the article modulo any tilde escapes.
There's another problem. There is a fairly serious Trojan horse type
security hole in here. I won't discuss it here (although anyone who
takes the time to read through the tilde escapes can no doubt figure
it out), but it's such that if you can post an article interesting
enough to a privileged user such that s/he decides to pipe it through
Mail (to mail to someone else), then it's quite easy to get into a
system.
There are a couple of possible solutions:
1) Go back to the $henry approach, except document it. Make the
default NOT allow tilde escapes when non-interactive.
2) Make it a command line option (e. g. -~ enables ~ escapes).
Again, the default should be NOT allowing tilde escapes.
3) To solve Robert Henry's gripe, which is probably the most common
reason for wanting ~ escapes in non-interactive sessions, allow -b and
-c command line options (bcc and cc, respectively).
These, of course, can be or'ed together.
Robert^Zgnu@hoptoad.uucp (John Gilmore) (07/01/87)
rlk@think.COM (Robert Krawitz) wrote: > 3) To solve Robert Henry's gripe, which is probably the most common > reason for wanting ~ escapes in non-interactive sessions, allow -b and > -c command line options (bcc and cc, respectively). I have always wondered why Berkeley Mail doesn't let you edit the header with the same editor you use to edit the text (e.g. initial entry from the keyboard, subsequently through ~v). I end up running /bin/mail all the time because it will let me type: % mail user Subject: this Bcc: me ...so if somebody is really considering fixing Berkeley Mail, how about fixing the whole problem rather than applying another patch? -- {dasys1,ncoast,well,sun,ihnp4}!hoptoad!gnu gnu@ingres.berkeley.edu Alt.all: the alternative radio of the Usenet. Contributions welcome - post 'em
forys@sigi.Colorado.EDU (Jeff Forys) (07/02/87)
In article <2350@hoptoad.uucp> gnu@hoptoad.uucp (John Gilmore) writes: > I end up running /bin/mail all the time because it will let me type: > % mail user > Subject: this > Bcc: me Using /bin/mail to get an automatic `Bcc:' line is a little extreme. You can use `~h' to edit "Bcc" and a couple other header fields. It uses the infamous TIOCSTI ioctl (where available). 'Course, you cant add any new `clever' headers. It may have been done that way for simplicity, or `security' :-) ... > ...so if somebody is really considering fixing Berkeley Mail, how > about fixing the whole problem rather than applying another patch? Why bother? There are other, far superior mail interfaces out there. You might try `mh', it's extremely flexible (i.e. configurable). Uh, but if you dont have the time to learn a new mail interface... :-) --- Jeff Forys @ UC/Boulder Engineering Research Comp Cntr (303-492-4991) forys@Boulder.Colorado.EDU -or- ..!{hao|nbires}!boulder!forys