From c787a28462b649e95bd10e154d1fa59ada9411fd Mon Sep 17 00:00:00 2001 From: Rocco Rutte Date: Sat, 4 Apr 2009 15:02:06 +0200 Subject: [PATCH] Manual: Remove duplicate section on mailcap use from security chapter We already have a more detailed section on secure mailcap usage, so link to it. --- doc/manual.xml.head | 52 ++------------------------------------------- 1 file changed, 2 insertions(+), 50 deletions(-) diff --git a/doc/manual.xml.head b/doc/manual.xml.head index 895dc5754..c93994d86 100644 --- a/doc/manual.xml.head +++ b/doc/manual.xml.head @@ -7303,57 +7303,11 @@ Mutt in many places has to rely on external applications or for convenience supports mechanisms involving external applications. - -mailcap - One of these is the mailcap mechanism as defined by -RfC1524. Mutt can be set up to automatically -execute any given utility as listed in one of the mailcap files (see the -$mailcap_path variable -for details.) - - - -These utilities may have a variety of security vulnerabilities, -including overwriting of arbitrary files, information leaks or other -exploitable bugs. These vulnerabilities may go unnoticed by the user, -especially when they are called automatically (and without interactive -prompting) from the mailcap file(s). When using Mutt's autoview -mechanism in combination with mailcap files, please be sure to... - - - - - -manually select trustworth applications with a reasonable calling -sequence - - - - -periodically check the contents of mailcap files, especially after -software installations or upgrades - - - - -keep the software packages referenced in the mailcap file up to date - - - - -leave the $mailcap-sanitize -variable with its default value to restrict mailcap expandos to a safe set of -characters +RfC1524. Details about a secure use of the mailcap mechanisms is given +in . - - - - - - -Other Besides the mailcap mechanism, Mutt uses a number of other external @@ -7363,8 +7317,6 @@ same security considerations apply for these as for tools involved via mailcap. - - -- 2.40.0