From 21fb9c6cbb7ee7d8155d30d136254713b55fecb2 Mon Sep 17 00:00:00 2001 From: "Eric S. Raymond" Date: Sun, 15 Feb 1998 05:37:10 +0000 Subject: %F/%T warning. svn path=/trunk/; revision=1627 --- fetchmail.man | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/fetchmail.man b/fetchmail.man index 13985684..de77262d 100644 --- a/fetchmail.man +++ b/fetchmail.man @@ -1521,9 +1521,9 @@ Use of the %F or %T escapes in an mda option could open a security hole, because they pass text manipulable by an attacker to a shell command. The hole is reduced by the fact that fetchmail temporarily discards any suid privileges it may have while running the MDA. To -avoid potential problems, (1) enclose the %F and %T options in single -quotes, (2) never use an mda command containing %F or %T when -fetchmail is run from the root account itself. +avoid potential problems, (1) enclose the %F and %T escapes in single +quotes within the option, and (2) never use an mda command containing +%F or %T when fetchmail is run from the root account itself. .PP Send comments, bug reports, gripes, and the like to Eric S. Raymond . An HTML FAQ is available at the fetchmail home -- cgit v1.2.3
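Review bot: In the reworded item (1) of the fetchmail.man hunk at line 1521, "enclose the %F and %T escapes in single quotes within the option" still does not say what happens when the substituted text itself contains a single quote. The same paragraph describes that text as "manipulable by an attacker", so quoting only helps if the expansion cannot close the quote. Please state whether fetchmail strips or escapes quote characters in the expanded %F and %T values, and if it does not, say that quoting reduces the risk rather than listing it as a way to avoid the problem. "Within the option" is also ambiguous about whether the quotes go around each escape or around the whole mda string; one short example of a correctly quoted mda line would settle that. Item (2) reads clearly as revised.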