[PATCH] emacs: Quote MML tags in replies

Aaron Ecay aaronecay at gmail.com
Thu Jan 19 10:43:09 PST 2012


Emacs message-mode uses certain text strings to indicate how to attach
files to outgoing mail.  If these are present in the text of an email,
and a user is tricked into replying to the message, the user’s files
could be exposed.
---

To demonstrate this, open a reply to this message then remove the
exclamation marks after the hash marks below.  Create a file in your
home directory called passwd.  Then press C-u M-x mml-preview.  A
(possibly base64-encoded) version of your ~/passwd file will replace
the following lines:

<#!part type="application/octet-stream" filename="~/passwd"
disposition=attachment description=foo>
<#!/part>

It works equally well (and more dangerously) with /etc/passwd, but I
didn't use that filename here to avoid the danger of someone
accidentally attaching their /etc/passwd to a reply in this thread!

 emacs/notmuch-mua.el |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el
index d8ab822..c25c6b9 100644
--- a/emacs/notmuch-mua.el
+++ b/emacs/notmuch-mua.el
@@ -115,7 +115,8 @@ list."
     (push-mark))
   (set-buffer-modified-p nil)
 
-  (message-goto-body))
+  (message-goto-body)
+  (mml-quote-region (point) (mark)))
 
 (defun notmuch-mua-forward-message ()
   (message-forward)
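Review bot: The added call `(mml-quote-region (point) (mark))` takes its end position from whatever mark the earlier `(push-mark)` left behind, and bare `(mark)` signals an error when the mark is inactive and `mark-even-if-inactive` is nil. Since this runs from Lisp rather than interactively, `(mark t)` would be safer, or the end of the quoted text could be captured in a variable or marker instead of relying on the mark. A short comment above the call saying that it neutralises MML tags in the quoted message, so a reply cannot be made to attach local files, would also keep a later cleanup from removing it as redundant.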
-- 
1.7.8.3


