Secure usage of Sup

Gaute Hope edited this page Oct 29, 2013 · 4 revisions

We are not aware of anyone having had their Sup exploited yet, but there are some important concerns to keep in mind when setting up Sup or writing custom hooks.

Attachments

When a sender attaches a file, the content_type and filename metadata are controlled by the sender. This metadata is used when opening or decoding an attachment. It is important that you do not use these fields uncritically when you include them in a command that will be executed (e.g. opening an attachment or decoding an HTML attachment using w3m). Please see Viewing-Attachments for details.
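
The following is an added example, not code from Sup or its wiki: it contrasts a command string built directly from the sender's metadata with a version that treats both fields as untrusted. The function names (`unsafe_command`, `safe_basename`, `viewer_argv`, `view_attachment`), the `VIEWERS` allowlist and the sample values are assumptions made for illustration.

```ruby
require "tmpdir"

# Viewer argv per allowlisted content type (assumed allowlist for this example).
VIEWERS = { "text/html" => %w[w3m -dump -T text/html] }.freeze

# UNSAFE, for contrast: both values come from the sender, and a single string
# handed to system() or backticks is parsed by the shell.
def unsafe_command(content_type, filename)
  "w3m -dump -T #{content_type} #{filename}"
end

# Reduce a sender-supplied filename to a harmless basename: no directories,
# no shell metacharacters, no leading dot or dash, bounded length.
def safe_basename(filename)
  base = File.basename(filename.to_s.tr("\\", "/"))
  base = base.gsub(/[^A-Za-z0-9._-]/, "_").sub(/\A[.-]+/, "_")
  base.empty? ? "attachment" : base[0, 100]
end

# Map the sender's content type onto a fixed argv, or nil if not allowlisted.
# The sender's string is only a lookup key; it is never placed in the command.
def viewer_argv(content_type, path)
  type = content_type.to_s.split(";").first.to_s.strip.downcase
  cmd = VIEWERS[type]
  cmd && cmd + [path]
end

# Write the attachment into a fresh private directory and run the viewer
# without a shell. Returns the argv used, or nil if the type was refused.
def view_attachment(content_type, filename, data, runner: ->(argv) { system(*argv) })
  Dir.mktmpdir("att") do |dir|
    # The path is built under the temp directory, so it cannot be read as an option.
    path = File.join(dir, safe_basename(filename))
    argv = viewer_argv(content_type, path) or return nil
    File.binwrite(path, data)
    runner.call(argv) # multi-element argv: executed directly, no shell parsing
    argv
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values standing in for sender-controlled metadata.
  name = "x.html; echo injected"
  puts unsafe_command("text/html", name) # the shell would see two commands here
  p view_attachment("text/html", name, "<p>hi</p>", runner: ->(argv) { argv })
end
```
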