%F/%T warning.

svn path=/trunk/; revision=1627
author: Eric S. Raymond <esr@thyrsus.com> 1998-02-15 05:37:10 +0000
committer: Eric S. Raymond <esr@thyrsus.com> 1998-02-15 05:37:10 +0000
commit: 21fb9c6cbb7ee7d8155d30d136254713b55fecb2 (patch)
tree: ad033625f4f478a0c8216a8ad49b1704e6cbcd5e
parent: 7768660f871adb19e15c78b85c0b5b66aa537e20 (diff)
download: fetchmail-21fb9c6cbb7ee7d8155d30d136254713b55fecb2.tar.gz
fetchmail-21fb9c6cbb7ee7d8155d30d136254713b55fecb2.tar.bz2
fetchmail-21fb9c6cbb7ee7d8155d30d136254713b55fecb2.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/fetchmail.man b/fetchmail.man
index 13985684..de77262d 100644
--- a/fetchmail.man
+++ b/fetchmail.man
@@ -1521,9 +1521,9 @@ Use of the %F or %T escapes in an mda option could open a security
 hole, because they pass text manipulable by an attacker to a shell
 command.  The hole is reduced by the fact that fetchmail temporarily
 discards any suid privileges it may have while running the MDA.  To
-avoid potential problems, (1) enclose the %F and %T options in single
-quotes, (2) never use an mda command containing %F or %T when
-fetchmail is run from the root account itself.
+avoid potential problems, (1) enclose the %F and %T escapes in single
+quotes within the option, and (2) never use an mda command containing
+%F or %T when fetchmail is run from the root account itself.
 .PP
 Send comments, bug reports, gripes, and the like to Eric S. Raymond
 <esr@thyrsus.com>.  An HTML FAQ is available at the fetchmail home
author	Eric S. Raymond <esr@thyrsus.com>	1998-02-15 05:37:10 +0000
committer	Eric S. Raymond <esr@thyrsus.com>	1998-02-15 05:37:10 +0000
commit	21fb9c6cbb7ee7d8155d30d136254713b55fecb2 (patch)
tree	ad033625f4f478a0c8216a8ad49b1704e6cbcd5e
parent	7768660f871adb19e15c78b85c0b5b66aa537e20 (diff)
download	fetchmail-21fb9c6cbb7ee7d8155d30d136254713b55fecb2.tar.gz fetchmail-21fb9c6cbb7ee7d8155d30d136254713b55fecb2.tar.bz2 fetchmail-21fb9c6cbb7ee7d8155d30d136254713b55fecb2.zip