Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!think!rlk
From: rlk@think.COM (Robert Krawitz)
Newsgroups: comp.bugs.4bsd
Subject: Re: CCA Emacs bogosity (random environment variable)
Message-ID: <5750@think.UUCP>
Date: Wed, 24-Jun-87 09:17:33 EDT
Article-I.D.: think.5750
Posted: Wed Jun 24 09:17:33 1987
Date-Received: Fri, 26-Jun-87 04:38:01 EDT
Sender: news@think.UUCP
Reply-To: rlk@THINK.COM
Organization: Thinking Machines Corporation, Cambridge, MA
Lines: 38

[came from comp.emacs, but not clear just where to post it. But I
consider this a "bug" in "4bsd"...]

In article <7181@mimsy.UUCP> chris@mimsy.UUCP (Chris Torek) writes:

...long description of $henry omitted...

]4.3BSD Mail always acts as though the henry flag were set. Sigh.
]Next thing you know someone will change the name of the `BUGS'
]manual section to `RESTRICTIONS'. . . . :-)

It's terribly annoying for the tilde escapes to "work" when I'm trying
to pipe something into Mail from rn, for example. When I'm doing
this, I *REALLY* don't want ~ escapes to do random things, since I
want the whole article, not the article modulo any tilde escapes.

There's another problem. There is a fairly serious Trojan horse type
security hole in here. I won't discuss it here (although anyone who
takes the time to read through the tilde escapes can no doubt figure
it out), but it's such that if you can post an article interesting
enough to a privileged user such that s/he decides to pipe it through
Mail (to mail to someone else), then it's quite easy to get into a
system.

There are a couple of possible solutions:

1) Go back to the $henry approach, except document it. Make the
default NOT allow tilde escapes when non-interactive.

2) Make it a command line option (e.g. -~ enables ~ escapes). Again,
the default should be NOT allowing tilde escapes.

3) To solve Robert Henry's gripe, which is probably the most common
reason for wanting ~ escapes in non-interactive sessions, allow -b and
-c command line options (bcc and cc, respectively). These, of course,
can be or'ed together.

Robert^Z
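
A defensive filter for the situation described in this post, as an added example that is not part of the original article: it doubles a leading `~` on every line of untrusted text before that text is piped into Mail. It assumes the mailer honours the documented BSD Mail rule that a line starting with two escape characters is sent as text with a single one; the function names and the sample article are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the post or from Mail itself.
# Assumption: the receiving Mail treats "~~text" as the literal line "~text"
# (documented BSD Mail behaviour) and uses "~" unless told otherwise.

# count_escapes [CHAR]: print how many stdin lines begin with the escape char,
# so a wrapper can log or refuse input that would have been interpreted.
count_escapes() {
    esc=${1:-"~"}
    awk -v esc="$esc" 'index($0, esc) == 1 { n++ } END { print n + 0 }'
}

# neutralise_escapes [CHAR]: copy stdin to stdout, doubling a leading escape
# char so the mailer sends the line as text instead of acting on it.
neutralise_escapes() {
    esc=${1:-"~"}
    awk -v esc="$esc" '{ if (index($0, esc) == 1) print esc $0; else print $0 }'
}

# Constructed sample input: four lines, two of which begin with "~".
sample_article() {
    cat <<'EOF'
Subject: constructed sample article
~this line starts with the escape character
ordinary text with a ~ in the middle
~~this one starts with two
EOF
}

# Report on stderr, sanitised text on stdout. In real use the last stage
# would be a pipe into the mailer, e.g.  neutralise_escapes < article | Mail user
echo "lines that would have been treated as escapes: $(sample_article | count_escapes)" >&2
sample_article | neutralise_escapes
```

A line that already starts with `~~` gains a third `~`, so it arrives with its original two rather than being collapsed to one.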