[RFC PATCH 2/7] vim: mailcap: forbid access to display server

Subject: [RFC PATCH 2/7] vim: mailcap: forbid access to display server

Date: Thu, 13 Oct 2016 14:13:51 -0600

To: notmuch@notmuchmail.org

Cc: nlhowell@gmail.com

From: Nick Howell

Default to prevent mailcap from accessing the display server. Potential
concerns: a malicious .mailcap file + attachment could read your
keystrokes, or if the .mailcap file is non-malicious, an attachment
exploiting a vulnerability in your mailcap viewer.

In principle we should probably try to run mailcap with super-low
privileges, but I haven't explored this.
---
 vim/notmuch.vim | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/vim/notmuch.vim b/vim/notmuch.vim
index c66c874..947fec0 100644
--- a/vim/notmuch.vim
+++ b/vim/notmuch.vim
@@ -60,7 +60,7 @@ let s:notmuch_reader_default = 'mutt -f %s'
 let s:notmuch_sendmail_default = 'sendmail'
 let s:notmuch_folders_count_threads_default = 0
 let s:notmuch_compose_start_insert_default = 1
-let s:notmuch_mailcap_filter_default = "run-mailcap --action=view %s:-"
+let s:notmuch_mailcap_filter_default = "DISPLAY= run-mailcap --action=view %s:-"
 
 function! s:new_file_buffer(type, fname)
 	exec printf('edit %s', a:fname)
-- 
2.7.3

• Previous message (by thread): [RFC PATCHv2 8/8] vim: mailcap: handle mailcap failure gracefully

Thread:

• J. Lewis Muir—Status of Vim client [inbox, unread]
  • Lucas Hoffmann—Re: Status of Vim client [inbox, signed, unread]
  • David Bremner—Re: Status of Vim client [inbox, unread]
  • Nick Howell—Re: Status of Vim client [inbox, unread]
    • Nick Howell—Re: Status of Vim client [inbox, unread]
      • David Bremner—Re: Status of Vim client [inbox, unread]
        • nlhowell@gmail.com—Re: Status of Vim client [inbox, unread]
          • Nick Howell—[RFC PATCH 0/2] vim: add "attach" support to compose [inbox, unread]
            • Nick Howell—[RFC PATCH 1/2] vim: compose: support additional Notmuch- filters [inbox, notmuch::patch, notmuch::wip, unread]
            • Nick Howell—[RFC PATCH 2/2] vim: compose: attachment support [inbox, notmuch::patch, notmuch::wip, unread]
          • Nick Howell—[RFC PATCH 0/7] vim: add mailcap filtering to show [inbox, unread]
            • Nick Howell—[RFC PATCH 1/7] vim: show: add mailcap filtering [inbox, notmuch::obsolete, notmuch::patch, unread]
            • Nick Howell—[RFC PATCH 2/7] vim: mailcap: forbid access to display server [inbox, notmuch::obsolete, notmuch::patch, unread]
            • Nick Howell—[RFC PATCH 3/7] vim: mailcap: gracefully handle missing mimetype [inbox, notmuch::obsolete, notmuch::patch, unread]
            • Nick Howell—[RFC PATCH 4/7] vim: mailcap: don't corrupt the view if filters write to stderr [inbox, notmuch::obsolete, notmuch::patch, unread]
            • Nick Howell—[RFC PATCH 5/7] vim: mailcap: redraw after processing [inbox, notmuch::obsolete, notmuch::patch, unread]
            • Nick Howell—[RFC PATCH 6/7] vim: mailcap: show all alternatives if none preferred [inbox, notmuch::obsolete, notmuch::patch, unread]
            • Nick Howell—[RFC PATCH 7/7] vim: mailcap: handle mailcap failure gracefully [inbox, notmuch::obsolete, notmuch::patch, unread]
            • Nick Howell—[RFC PATCHv2 0/8] vim: add mailcap filtering to show [inbox, unread]
              • Nick Howell—[RFC PATCHv2 1/8] vim: show: add mailcap filtering [inbox, notmuch::patch, notmuch::wip, unread]
              • Nick Howell—[RFC PATCHv2 2/8] vim: mailcap: forbid access to display server [inbox, notmuch::patch, notmuch::wip, unread]
              • Nick Howell—[RFC PATCHv2 3/8] vim: mailcap: gracefully handle missing mimetype [inbox, notmuch::patch, notmuch::wip, unread]
              • Nick Howell—[RFC PATCHv2 4/8] vim: mailcap: don't corrupt the view if filters write to stderr [inbox, notmuch::patch, notmuch::wip, unread]
              • Nick Howell—[RFC PATCHv2 5/8] vim: mailcap: redraw after processing [inbox, notmuch::patch, notmuch::wip, unread]
              • Nick Howell—[RFC PATCHv2 6/8] vim: show: add multipart/alternative picking [inbox, notmuch::patch, notmuch::wip, unread]
              • Nick Howell—[RFC PATCHv2 7/8] vim: mailcap: show all alternatives if none preferred [inbox, notmuch::patch, notmuch::wip, unread]
              • Nick Howell—[RFC PATCHv2 8/8] vim: mailcap: handle mailcap failure gracefully [inbox, notmuch::patch, notmuch::wip, unread]
          • David Bremner—Re: Status of Vim client [inbox, unread]