A note to anybody applying this, via patch or otherwise. Don't keep the original resend lying around in the majordomo directory: wrapper assumes everything in that directory is secure, and will gladly execute it. [brock@o2 brock]$ /usr/freeware/majordomo/wrapper resend.orig '@|id' uid=1126(majordomo) gid=1(daemon) resend: must specify '-l list' at /usr/freeware/majordomo-1.94.4/resend.orig line 78. -- Brock Sides Unix Systems Administration Towery Publishing bsidesat_private On Wed, 29 Dec 1999, Todd C. Miller wrote: > For those using perl 5.x, you can use sysopen() instead of the "magic" > perl open() to fix this. > > - todd > > --- resend Thu Aug 19 10:12:03 1999 > +++ resend+ Tue Dec 28 23:55:39 1999 > @@ -58,7 +58,7 @@ > if ($ARGV[0] =~ /^\@/) { > $fn = shift(@ARGV); > $fn =~ s/^@//; > - open(AV, $fn) || die("open(AV, \"$fn\"): $!\nStopped"); > + sysopen(AV, $fn, O_RDONLY) || die("sysopen(AV, \"$fn\", O_RDONLY): $!\nStopped"); > undef($/); # set input field separator > $av = <AV>; # read whole file into string > close(AV); >
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:24:23 PDT