From 7768660f871adb19e15c78b85c0b5b66aa537e20 Mon Sep 17 00:00:00 2001
From: "Eric S. Raymond" <esr@thyrsus.com>
Date: Sun, 15 Feb 1998 05:34:22 +0000
Subject: %F/%T warning.

svn path=/trunk/; revision=1626
---
 fetchmail.man | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/fetchmail.man b/fetchmail.man
index 885e52df..13985684 100644
--- a/fetchmail.man
+++ b/fetchmail.man
@@ -1517,6 +1517,14 @@ snooping is still possible if (a) either host has a network device
 that can be opened in promiscuous mode, or (b) the intervening network
 link can be tapped.
 .PP
+Use of the %F or %T escapes in an mda option could open a security
+hole, because they pass text manipulable by an attacker to a shell
+command.  The hole is reduced by the fact that fetchmail temporarily
+discards any suid privileges it may have while running the MDA.  To
+avoid potential problems, (1) enclose the %F and %T options in single
+quotes, (2) never use an mda command containing %F or %T when
+fetchmail is run from the root account itself.
+.PP
 Send comments, bug reports, gripes, and the like to Eric S. Raymond
 <esr@thyrsus.com>.  An HTML FAQ is available at the fetchmail home
 page; surf to http://www.ccil.org/~esr/fetchmail or do a WWW search
-- 
cgit v1.2.3