mail.local

From: *Hobbit* (hobbitat_private)
Date: Thu Aug 13 1998 - 09:23:06 PDT

    lcamtuf brings up:
    
       mail.local - introduces new class of local bugs, from DoS attacks to
    
    Easy to fix, in the scenarios you propose.  Protect mail.local and/or the
    directory it's in so that only gid-mail processes can run it.  For extra
    bonus points, stick it behind one of those setuid-wrapper hacks.
    
    That doesn't address the /tmp problem, but changing PATH_LOCTMP should get
    its temporaries going somewhere unavailable to normal users.  At least it's
    making efforts to call mkstemp.
    
    One thing I can't understand is why people keep doing things like
    
            if (strlen(buf) > 128)
                buf[128] = '\0';
    
    If you're gonna hard-terminate a string at a safe length, just *do* it.  The
    length check is irrelevant here, and just wastes time.  If the buffer is
    filled to an unsafe length in the first place, you've probably already lost.
    
    _H*
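
The point about the redundant length check, as an added example that is not part of the original message: on terminated input both forms give the same result, but only the unconditional store is defined when the buffer has no terminator, and the bound is better enforced while the buffer is being filled. `LIMIT`, `clamp_checked`, `clamp_always` and `fill_bounded` are names made up for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define LIMIT 128   /* cut-off used in the quoted snippet */

/* Pattern quoted in the message. strlen() has to walk the buffer before the
 * check runs, so it is only defined for input that is already terminated. */
void clamp_checked(char *buf)
{
    if (strlen(buf) > LIMIT)
        buf[LIMIT] = '\0';
}

/* What the message recommends: one store, no scan. buf needs at least
 * LIMIT + 1 bytes; a terminator is not required beforehand. */
void clamp_always(char *buf)
{
    buf[LIMIT] = '\0';
}

/* Enforce the bound while filling instead of afterwards: copy at most LIMIT
 * bytes of src (srclen bytes, terminator not required) into dst.
 * Returns 1 if the input was truncated, 0 otherwise. */
int fill_bounded(char dst[LIMIT + 1], const char *src, size_t srclen)
{
    size_t n = srclen < LIMIT ? srclen : LIMIT;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return srclen > LIMIT;
}

int main(void)
{
    char raw[LIMIT + 1], dst[LIMIT + 1], big[300];  /* constructed inputs */

    memset(raw, 'A', sizeof raw);      /* full buffer, no terminator */
    clamp_always(raw);                 /* clamp_checked(raw) would overread */
    printf("after clamp_always: %zu\n", strlen(raw));

    memset(big, 'B', sizeof big);      /* 300 bytes, no terminator */
    printf("truncated=%d len=%zu\n",
           fill_bounded(dst, big, sizeof big), strlen(dst));
    return 0;
}
```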
    


