> patl@??? probably said:
> > Furthermore, the problem appears to only affect MUAs for various
> > flavors of Windows. Apparently the faulty programs assume that
> > the filenames specified will be legal FAT/VFAT/NTFS/... constructs
> > with no single component exceeding the OS' name length restrictions.
> > (E.g. 8.3 for Windows 3.x/FAT) Unix programs tend to be much more
> > liberal in the filenames they expect. (I don't know about Macs,
> > AmigaDOS or other OSes. I suspect that most of them are a small
> > enough segment of the market that they aren't even targetted.)
>
> Not true - both pine and mutt were two examples of unix programs that were
> vunerable.
Hmm. All the discussions I'd seen only mentioned Windows clients.
I can't say I'm really surprised though. C practically invites
this sort of error; and few engineers have the discipline to really
program defensively.
In any case, it isn't the responsibility of the MTA to protect MUAs
from message bodies that comply with RFC822 but happen to tickle
MUA implementation bugs. Or even from messages that comply with
RFC822 but not with any of the various MIME-related RFCs.
That being said; perhaps we could publish the Exim-filter equivalent
of the procmail/perl hack; along with any info known about which
client versions are vulnerable and where to look for client fixes.
-Pat
--
*** Exim information can be found at
http://www.exim.org/ ***