How can the mutt shell-escape feature be disabled?

Question

We are thinking of offering mutt for our member's email client. The user's shell is instead the mutt application launched on their Maildir folder. It works great so far but one huge problem is the shell-escape feature. This would allow users to execute arbitrary code on the system using shell-builtins.

Is there a way to disable the shell-escape in mutt? Otherwise we are thinking of using Alpine and hope that does not have a shell-escape feature as well.

score 4 · Answer 1 · answered Apr 27 '14 at 08:51

4

The specific shell that is used in mutt is a compile-time option:

$ mutt -v | grep -i shell
EXECSHELL="/bin/sh"

You need to recompile mutt to use rbash as EXECSHELL instead of sh. You also need to make sure rbash is properly secured, as it is not a complete solution on its own.

answered Apr 27 '14 at 08:51

dawud

15,096
3
42
61

2

Or use /bin/false as EXECSHELL :) – Dennis Kaarsemaker Apr 27 '14 at 09:40
Compiling with /bin/false does not allow vi or any editor to run – pipetosed Apr 27 '14 at 21:50
Another option is simply confining mutt in a chroot jail. Then the shell-builtins are no longer a threat. Any opinions on anything? Thanks – pipetosed Apr 27 '14 at 23:16

How can the mutt shell-escape feature be disabled?

1 Answers1