delivermail glitch
utzoo!decvax!harpo!floyd!cmcl2!salkind
Wed Nov 3 14:13:14 AEST 1982
There is a rather serious security glitch in delivermail that allows
you to send mail messages to arbitrary files. Here is a quick patch:
*** /usr/src/cmd/delivermail/deliver.c.bak Tue Apr 14 11:03:12 1981
--- /usr/src/cmd/delivermail/deliver.c Wed Nov 3 13:59:57 1982
***************
*** 754,759
auto long tim;
extern char *ctime();
f = fopen(filename, "a");
if (f == NULL)
return (EX_CANTCREAT);
--- 754,761 -----
auto long tim;
extern char *ctime();
+ if (access(filename, 2) < 0)
+ return (EX_CANTCREAT);
f = fopen(filename, "a");
if (f == NULL)
return (EX_CANTCREAT);
-----
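Review bot: the added access(filename, 2) check ahead of the fopen() returns an error for a file that does not exist yet, so fopen(filename, "a") can no longer create a new file, although append mode and the EX_CANTCREAT return code suggest creation was a supported case. If it was, test write access on the containing directory when the file is absent. The check and the open are also two separate steps on the same path name, so the file can change between them; doing the open itself with the sender's identity, rather than checking first and opening afterwards, would close that gap. A one-line comment noting that access() tests the real rather than the effective user ID would explain why the call is there.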
Lou