[RFC PATCH 2/7] vim: mailcap: forbid access to display server

Nick Howell nlhowell at gmail.com
Thu Oct 13 13:13:51 PDT 2016


Default to prevent mailcap from accessing the display server. Potential
concerns: a malicious .mailcap file + attachment could read your
keystrokes, or if the .mailcap file is non-malicious, an attachment
exploiting a vulnerability in your mailcap viewer.

In principle we should probably try to run mailcap with super-low
privileges, but I haven't explored this.
---
 vim/notmuch.vim | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/vim/notmuch.vim b/vim/notmuch.vim
index c66c874..947fec0 100644
--- a/vim/notmuch.vim
+++ b/vim/notmuch.vim
@@ -60,7 +60,7 @@ let s:notmuch_reader_default = 'mutt -f %s'
 let s:notmuch_sendmail_default = 'sendmail'
 let s:notmuch_folders_count_threads_default = 0
 let s:notmuch_compose_start_insert_default = 1
-let s:notmuch_mailcap_filter_default = "run-mailcap --action=view %s:-"
+let s:notmuch_mailcap_filter_default = "DISPLAY= run-mailcap --action=view %s:-"
 
 function! s:new_file_buffer(type, fname)
 	exec printf('edit %s', a:fname)
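Review bot: On the changed `s:notmuch_mailcap_filter_default` line, the `DISPLAY=` prefix only sets the X11 variable to an empty string in the environment of `run-mailcap`. It leaves `WAYLAND_DISPLAY` untouched, and a command named in a malicious .mailcap entry can assign `DISPLAY` again for itself, so the change covers the "vulnerable viewer" case from the commit message better than the "malicious .mailcap" case. Consider removing both variables, for example `env -u DISPLAY -u WAYLAND_DISPLAY run-mailcap --action=view %s:-`, and rewording the subject from "forbid" to something like "do not pass the display to mailcap by default". Graphical viewers configured in mailcap will stop working with this default, and that behavior change is not documented anywhere in the patch; a short note on it and on how to restore the old filter would help.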
-- 
2.7.3


