Date: Thu, 13 Aug 1998 12:23:06 -0400
From: *Hobbit* <[email protected]>
To: [email protected]
Subject: mail.local

lcamtuf brings up:

> mail.local - introduces new class of local bugs, from DoS attacks to

Easy to fix, in the scenarios you propose. Protect mail.local and/or the
directory it's in so that only gid-mail processes can run it. For extra
bonus points, stick it behind one of those setuid-wrapper hacks.

That doesn't address the /tmp problem, but changing PATH_LOCTMP should get
its temporaries going somewhere unavailable to normal users. At least it's
making efforts to call mkstemp.

One thing I can't understand is why people keep doing things like

    if (strlen(buf) > 128)
        buf[128] = '\0';

If you're gonna hard-terminate a string at a safe length, just *do* it. The
length check is irrelevant here, and just wastes time. If the buffer is
filled to an unsafe length in the first place, you've probably already lost.

_H*
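
Added example, not part of the original post and not code from mail.local: it compares the checked termination with the unconditional one and shows the length being bounded where the buffer is filled. The buffer sizes, function names and test inputs are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define LIMIT 128           /* the safe length from the post */
#define BUFSZ (LIMIT + 1)   /* LIMIT characters plus the terminator */

/* The questioned pattern: strlen() scans the whole string (and runs off
 * the array if it is unterminated) only to guard a single store. */
static void clamp_checked(char *buf) {
    if (strlen(buf) > LIMIT)
        buf[LIMIT] = '\0';
}

/* Unconditional form. Assumes buf has at least BUFSZ bytes. */
static void clamp_always(char *buf) {
    buf[LIMIT] = '\0';
}

/* Returns 1 if both forms leave the same string, no longer than LIMIT,
 * for a constructed input of len characters (len must be < 256). */
static int clamps_agree(size_t len) {
    char a[256] = {0}, b[256] = {0};
    memset(a, 'A', len);
    memcpy(b, a, sizeof a);
    clamp_checked(a);
    clamp_always(b);
    return strcmp(a, b) == 0 && strlen(b) <= LIMIT;
}

/* Bound the data where the buffer is filled, so it never overruns.
 * Returns 1 if src had to be truncated, 0 if it fit. */
static int fill_bounded(char dst[BUFSZ], const char *src) {
    return snprintf(dst, BUFSZ, "%s", src) >= BUFSZ;
}

/* Length stored after a bounded fill from a constructed input of
 * len characters (len must be < 512). */
static size_t stored_len(size_t len) {
    char src[512] = {0}, dst[BUFSZ];
    memset(src, 'B', len);
    fill_bounded(dst, src);
    return strlen(dst);
}

int main(void) {
    printf("clamps agree: %d %d %d\n",
           clamps_agree(10), clamps_agree(128), clamps_agree(200));
    printf("stored %zu of 300 bytes\n", stored_len(300));
    return 0;
}
```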