From kmail-devel  Mon Jan 31 20:26:43 2000
From: George Staikos <staikos () 0wned ! org>
Date: Mon, 31 Jan 2000 20:26:43 +0000
To: kmail-devel
Subject: aaaaiiiiiiieeeeeeeee dangerous
X-MARC-Message: https://marc.info/?l=kmail-devel&m=94935088918029

-----BEGIN PGP SIGNED MESSAGE-----


   I don't know if I misunderstood this, but:

   Today in bugtraq, Michal Zalewski posted a shellscript exploit to redhat
linux as an attachment.  I klicked on it thinking it would display the
script.  To my surprise it tried to *RUN* the script!!!!  This is not good! 
(luckily it failed for some reason).  I don't think the default on
executables should be "run".   I tried to "view" it and it failed to view as
well.  I'm going to hav ea look at this in the latest CVS code but we should
be careful.

- -- 

George Staikos 


-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.2

iQEVAwUBOJXw6vaardfOEhQRAQFiRQf+LzrqLx9aqMhTZNfmVfaksq1yJ6+lIWr+
SCmTjCCYU1tpXEC1PXd8B8cNfdxLr+BSgPE5sM4+j+4NEuoizDu17hj2PdRp5mK3
Ml4WtQCO59QYYg9dk4KCEkDAh+LULHPKuXcDD2cLnBbDf2FunAllFSM/Tl1/dRiu
maWJhqydYn3o9fToVC2fd563OsvSAUiDsILHR+KG24/eMrrBRItCsvI19l+L42z8
xT8+EnPJBGBqeWXMFu5LUbRxwZNd5Qy8XHo8SuPScgyfIzvgG1uMgOGtW8itNWur
T/28eJnRMFP6+ba+gXnYyC8xaAxKJhNqN2PPpS/eu5lyJzBr8jXf5A==
=YxZX
-----END PGP SIGNATURE-----