Hi,

Jeff King wrote:
> On Tue, Sep 28, 2021 at 04:46:52PM -0700, Junio C Hamano wrote:
>>> On Tue, Sep 28, 2021 at 08:16:48AM -0400, Joey Hess wrote:
>>>> As recently seen in fail2ban's security hole (CVE-2021-32749),
>>>> piping user controlled input to mail is exploitable,
>>>> since a line starting with "~! foo" in the input will run command foo.
[...]
>> It is not the primary focus for this documentation page to teach how
>> to send e-mails in the first place.  Instead of risking confused
>> users rightly complaining with "my 'mail' does not understand the -E
>> option---what does this do?", I wonder if it is better to just change it to
>>
>>     git rev-list --pretty ...
>> -   fi |
>> -   mail -s ...
>> +   fi >>/var/log/update.log
>>
>> so that it illustrates what's available *out* *of* *us* to the
>> authors of the script, without having to teach them "mail" and other
>> things we are responsible for.
>
> Yeah, I'd agree that side-stepping the issue entirely is a good
> direction.  Doing it right is probably best left to tools like
> git-multimail.

This makes sense to me.  Joey, are you planning to send an updated
version of the patch, or would you like us to take care of it?

Thanks,
Jonathan
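Review bot: the replacement line `+   fi >>/var/log/update.log` assumes the user the hook runs as can create or append to a file under /var/log, which an unprivileged repository owner normally cannot, so the example as written would fail with a permission error on most hosts. Since the point of the hunk is only to show where the rev-list output goes, a path the hook user owns (for example a file under the repository's own directory) would illustrate the same thing without that assumption.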
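The two shapes of the notification hook under discussion, the pipe into mail(1) that Joey's report warns about and the redirect to a log file that Junio suggests, as an added example that is not part of this thread or of the git project. It assumes, as the thread describes, a mail(1) that honours tilde escapes such as "~!cmd" at the start of a line of its standard input; the commit text is constructed inline rather than produced by git, and the tilde-neutralising filter at the end is an assumed mitigation of mine, not something proposed in the thread.

```shell
#!/bin/sh
# Added example (not from the git mailing-list thread or from git itself).
# Assumption: the mail(1) on the receiving host treats a line beginning with
# "~!" on its standard input as a shell escape, as the thread describes.

# Constructed stand-in for `git rev-list --pretty` output: a pushed commit
# whose message body contains a line that starts with "~!".  Anyone who can
# push to the repository controls this text.
SAMPLE_REVLIST='commit 0123456789abcdef0123456789abcdef01234567
Author: Example User <user@example.invalid>
Date:   Tue Sep 28 08:16:48 2021 -0400

    Harmless-looking subject

~! id
    more body text'

# The pattern the thread warns against (shown only, never executed here):
#
#   git rev-list --pretty "$old..$new" | mail -s "New commits" owner@example.invalid
#
# With a tilde-honouring mail(1) the "~! id" line runs `id` on the server.

# Junio's suggested shape: append the rev-list output to a log file instead.
# No escape processing takes place; the line is stored verbatim.
# $1 is the log path (assumed to be writable by the hook's user).
log_revlist() {
    logfile=$1
    printf '%s\n' "$SAMPLE_REVLIST" >>"$logfile"
}

# Assumed mitigation if the output must still be fed to mail(1): tilde escapes
# are recognised only when "~" is the first character of a line, so prefixing
# such lines with a space keeps the text readable but inert.  Reads stdin,
# writes stdout.
defang_tilde_lines() {
    sed 's/^~/ ~/'
}

# Count lines in file $1 that still begin with "~" (0 after defanging).
count_tilde_lines() {
    grep -c '^~' "$1" || true
}
```

Usage in a real hook would replace `printf '%s\n' "$SAMPLE_REVLIST"` with the `git rev-list --pretty` invocation; the log-file form needs no further treatment, and if mail is still used the rev-list output should pass through `defang_tilde_lines` first.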