Re: security hole in mailx

From: Theo de Raadt (deraadtat_private)
Date: Thu Jun 25 1998 - 11:07:18 PDT


    Of course the OpenBSD mailx program isn't setuid or setgid.
    
    But we did an audit of the source code anyways.  This particular
    buffer overflow isn't possible in our code, since $HOME is ignored the
    moment it becomes longer than MAXPATHNAMELEN.
    
    We found and fixed numerous other problems in mailx.  If anyone
    intends to make this program setuid or setgid, they need to do a
    significant amount of work... or just copy our code.
    
    But I don't guarantee all problems are fixed in our version... since
    we are not running setgid.  We use a different mechanism for mail
    spool locking.
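
The length check described in the message above, as an added illustration (this is not OpenBSD's mailx code, and not code from the original post). The helper names `usable_home` and `home_path`, the `"."` fallback, and the use of `PATH_MAX` as the limit are assumptions made for the example.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifndef PATH_MAX
#define PATH_MAX 1024   /* assumed limit for systems that do not define it */
#endif

/* Return `home` only if it is set, non-empty and fits in a PATH_MAX-sized
 * buffer including the terminating NUL; otherwise ignore it and return
 * `fallback` (hypothetical helper). */
const char *usable_home(const char *home, const char *fallback)
{
    if (home == NULL || home[0] == '\0')
        return fallback;
    if (strlen(home) >= PATH_MAX)   /* over-long value: ignore it entirely */
        return fallback;
    return home;
}

/* Build "<home>/<name>" in dst. Returns 0 on success, or -1 when the result
 * would not fit, in which case dst is left as an empty string instead of a
 * truncated path. */
int home_path(char *dst, size_t dstlen, const char *home, const char *name)
{
    int n;

    if (dst == NULL || dstlen == 0)
        return -1;
    n = snprintf(dst, dstlen, "%s/%s", usable_home(home, "."), name);
    if (n < 0 || (size_t)n >= dstlen) {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char path[PATH_MAX];

    /* The environment is attacker-controlled input to a privileged program. */
    if (home_path(path, sizeof(path), getenv("HOME"), ".mailrc") == 0)
        printf("%s\n", path);
    else
        fprintf(stderr, "startup file path too long, not using it\n");
    return 0;
}
```

The second check matters as much as the first: a value that passes the length test can still overflow once a file name is appended, so the joined path is bounded and rejected rather than truncated.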
    


