Re: Vixie Cron version 3.0pl1 vulnerable to root exploit

From: Martin Schulze (joeyat_private)
Date: Sat Sep 04 1999 - 14:37:59 PDT

Next message: Bret Watson: "Re: I found this today and iam reporting it to you first!!! (fwd)"

Previous message: Stefan Stefanov: "Re: VLAN Security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Valentin Nechayev wrote:
> Quite more simple and correct variant is to append "--" to mailargs:
>
> > -#define MAILARGS "%s -FCronDaemon -odi -oem -or0s %s"		/*-*/
> > +#define MAILARGS "%s -FCronDaemon -odi -oem -- %s"			/*-*/
>
> After it, it's possible to use real local parts starting with '-'. ;)
> getopt() stops parsing after "--", and arguments after it will be parsed as
> positional, not as flags.

This will only work for those MTA's that use getopt or that use the --
feature.  For example, Smail does not.  Thus this would fix the bug
in connection with sendmail but not in connection with Smail.  Haven't
checked Postfix, Exim, Zmailer and Qmail, but it may be similar.

Regards,

	Joey

--
There are lies, statistics and benchmarks.

Next message: Bret Watson: "Re: I found this today and iam reporting it to you first!!! (fwd)"
Previous message: Stefan Stefanov: "Re: VLAN Security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:01:34 PDT