Re: majordomo local exploit

From: Henrik Nordstrom (hnoat_private)
Date: Thu Dec 30 1999 - 18:39:21 PST

    Henrik Edlund wrote:
    
    > > I'm afraid that wouldn't help much, as you can supply any pathname as
    > > the -C (configuration file) argument:
    > >
    > >       /path/to/majordomo/wrapper resend -l foobar -C /tmp/evilhack.pl
    > >
    > > I tested this with version 1.94.1, but the same behaviour seems to be
    > > there in 1.94.4, as far as I can tell by the source.
    >
    > This patch should take care of that problem:
    
    
    Not quite. Your patch can be fooled by simple link trickery as there is
    a race window between your check and the parsing of the configuration
    file.
    
    A better way is to stat the filehandle. This guarantees (on systems
    supporting fstat) that you get the information on the file about to be
    read in rather than the information of a filename which may or may not
    be the same file which is being read in.
    
    --
    Henrik Nordstrom
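
The check-by-handle approach described in the message above, as an added Perl sketch; it is not part of the original post and not Majordomo's own code. The helper name `open_trusted_config`, the acceptance policy (regular file, expected owner, not group- or world-writable) and the file names are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(:mode);
use File::Temp qw(tempdir);

# Hypothetical helper: open first, then validate the file that was actually
# opened by calling stat() on the handle (fstat), never on the path again.
# Policy (assumed): regular file, owned by $trusted_uid, not group/world-writable.
sub open_trusted_config {
    my ($path, $trusted_uid) = @_;
    open(my $fh, '<', $path) or die "open $path: $!\n";
    my @st = stat($fh) or die "fstat $path: $!\n";
    my ($mode, $uid) = @st[2, 4];
    die "$path: not a regular file\n" unless S_ISREG($mode);
    die "$path: owned by uid $uid, expected $trusted_uid\n"
        unless $uid == $trusted_uid;
    die "$path: writable by group or others\n"
        if $mode & (S_IWGRP | S_IWOTH);
    return $fh;    # caller parses from this handle, not from $path
}

# Constructed demo in a private temp dir: two files and a name that moves.
my $dir = tempdir(CLEANUP => 1);
my ($good, $loose, $name) = ("$dir/list.cf", "$dir/loose.cf", "$dir/config");
for my $f ($good, $loose) {
    open(my $out, '>', $f) or die "create $f: $!\n";
    print {$out} "# constructed sample config\n";
    close($out);
}
chmod(0644, $good)  or die "chmod: $!\n";
chmod(0666, $loose) or die "chmod: $!\n";
symlink($good, $name) or die "symlink: $!\n";

# Check-by-name, as a pre-open test would do it.
my @pre = stat($name);
printf "check by name: %s\n",
    ($pre[2] & (S_IWGRP | S_IWOTH)) ? "rejected" : "passed";

# The name is repointed inside the window between the check and the open.
unlink($name) or die "unlink: $!\n";
symlink($loose, $name) or die "symlink: $!\n";

# Check-by-handle sees the file that will really be read.
my $fh = eval { open_trusted_config($name, $>) };
(my $why = $@) =~ s/\n\z//;
my $verdict = $fh ? "accepted" : "rejected ($why)";
print "check by handle: $verdict\n";
```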
    


