Date: Sat, 8 Jun 2002 00:21:37 +0200 From: Dean Strik <dean@stack.nl> To: Roger Marquis <marquis@roble.com> Cc: security@FreeBSD.ORG Subject: Re: Pine 4.44 Privacy Patch Message-ID: <20020607222137.GB91889@dragon.stack.nl> In-Reply-To: <20020607151320.C46348-100000@roble.com> References: <20020607151320.C46348-100000@roble.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Roger Marquis wrote: > Problem description: > > The Pine email client allows users to define the "From:" > address independent of their Unix username. This is an > indispensable feature for help desks and other role accounts. > > Unfortunately, user names and/or ids can still be leaked due to > Pine's insertion of "Sender:" and/or "X-Sender:" headers. Pine > versions earlier than 4.44 may also insert the Unix username > into other envelope and header fields. Rewriting the From: header can hardly be called a decent privacy measure. Note that some MTAs (including postfix, dunno about others) add similar information anyway. If this is an issue for people, then they shouldn't use their personal accounts. Period. -- Dean C. Strik Eindhoven University of Technology dean@stack.nl | dean@ipnet6.org | http://www.ipnet6.org/ "This isn't right. This isn't even wrong." -- Wolfgang Pauli To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020607222137.GB91889>