electronic communication for the information terrorist
Bradley M. Kuhn
Tue, 18 May 1999 16:06:47 -0400
Kragen Sitaker wrote:
> Brad writes:
> > Kragen, wouldn't your time be better spent doing a buffer-overflow audit
> > of say, mutt, and then add features you want to it?
> Mm, probably not.
> > Also, one of the problems with sendmail-style mail in general is the idea of
> > a single folder
> You mean a single file?
> > for all messages. Folders should be directories, and
> > messages should be files.
> Yes, probably so.
> > The problem is that there is no (to my knowledge) RFC'd format that does
> > mail this way.
> MH-format (which is widely supported) and maildir format (which is less
> widely supported) both do mail this way. MH format is probably less
I had heard Bad Things (TM) about MH format, and that's why I ignored it.
maildir format? Isn't that qmail's?
> > Have you considered writing it in a language that is less likely to allow
> > buffer overruns and security breaches? (like using Perl in taint mode or
> > something)?
> Yes, I was planning to use Perl. Taint mode is bad for this, though;
> it taints the wrong things. In this case, only data from the mailbox
> should be tainted.
Good point. You could hack Perl to taint variables for you:
use vars tainted $foo;
> Is there a Scheme dialect that has cbreak-mode keyboard input, curses, and
Guile would be the only one, I think.
> Paul Ivffpure writes:
> > I tend to agree with Brad, though. I think it might be more efficient to
> > audit mutt than write your own client with some borrowed 'less' code. If
> > you tell me what to do, I'll help audit stuff...
> I don't know; mutt has some misfeatures that it shares with most mail
Those would be...?
- email@example.com - Bradley M. Kuhn - firstname.lastname@example.org -