electronic communication for the information terrorist
Bradley M. Kuhn
bkuhn@ebb.org
Tue, 18 May 1999 16:06:47 -0400
Kragen Sitaker wrote:
> Brad writes:
> > Kragen, wouldn't your time be better spent doing a buffer-overflow audit
> > of say, mutt, and then add features you want to it?
>
> Mm, probably not.
Why not?
> > Also, one of the problems with sendmail-style mail in general is the idea of
> > a single folder
>
> You mean a single file?
Yes.
> > for all messages. Folders should be directories, and
> > messages should be files.
>
> Yes, probably so.
:)
> > The problem is that there is no (to my knowledge) RFC'd format that does
> > mail this way.
> MH-format (which is widely supported) and maildir format (which is less
> widely supported) both do mail this way. MH format is probably less
> reliable.
I had heard Bad Things (TM) about MH format, and that's why I ignored it.
maildir format? Isn't that qmail's?
> > Have you considered writing it in a language that is less likely to allow
> > buffer overruns and security breaches? (like using Perl in taint mode or
> > something)?
> Yes, I was planning to use Perl. Taint mode is bad for this, though;
> it taints the wrong things. In this case, only data from the mailbox
> should be tainted.
Good point. You could hack Perl to taint variables for you:
use vars tainted $foo;
:)
> Is there a Scheme dialect that has cbreak-mode keyboard input, curses, and
> stat()?
Guile would be the only one, I think.
> Paul Ivffpure writes:
       ^^^^^^^^
Huh?
> > I tend to agree with Brad, though. I think it might be more efficient to
> > audit mutt than write your own client with some borrowed 'less' code. If
> > you tell me what to do, I'll help audit stuff...
> I don't know; mutt has some misfeatures that it shares with most mail
> clients.
Those would be...?
--
- bkuhn@ebb.org - Bradley M. Kuhn - bkuhn@gnu.org -
http://www.ebb.org/bkuhn