Thu, 13 Aug 1998 12:23:06 -0400
lcamtuf brings up:

  mail.local - introduces new class of local bugs, from DoS attacks to

Easy to fix, in the scenarios you propose. Protect mail.local and/or the directory it's in so that only gid-mail processes can run it. For extra bonus points, stick it behind one of those setuid-wrapper hacks.

That doesn't address the /tmp problem, but changing PATH_LOCTMP should get its temporaries going somewhere unavailable to normal users. At least it's making efforts to call mkstemp.

One thing I can't understand is why people keep doing things like

  if (strlen(buf) > 128) buf[128] = '\0';

If you're gonna hard-terminate a string at a safe length, just *do* it. The length check is irrelevant here, and just wastes time. If the buffer is filled to an unsafe length in the first place, you've probably already lost.

_H*
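The point about the length check, as an added C example that is not part of the original post: it compares the checked and unconditional truncation and shows a copy that is bounded where the data is written. All function names, `BUF_SIZE` and the sample input are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SAFE_LEN 128  /* limit quoted in the post */
#define BUF_SIZE 256  /* assumed storage size; must exceed SAFE_LEN */
/* Pattern from the post: scan the string, then cut it if too long. */
static void truncate_checked(char *buf)
{
    if (strlen(buf) > SAFE_LEN)
        buf[SAFE_LEN] = '\0';
}
/* Same resulting string, no scan; buf needs more than SAFE_LEN bytes. */
static void truncate_always(char *buf) { buf[SAFE_LEN] = '\0'; }

/* Bound at the write: always terminates; 1 = truncated, 0 = fit, -1 = error. */
static int bounded_copy(char *dst, size_t dstsize, const char *src)
{
    if (dst == NULL || src == NULL || dstsize == 0)
        return -1;
    int n = snprintf(dst, dstsize, "%s", src);
    if (n < 0) { dst[0] = '\0'; return -1; }
    return (size_t)n >= dstsize;
}

/* Constructed sample input: 200 'A' characters. */
static const char *sample_long(void)
{
    static char s[201];  /* static storage is zeroed, so s[200] stays NUL */
    memset(s, 'A', 200);
    return s;
}

/* Returns 1 when both truncation patterns leave the same string. */
static int truncations_agree(const char *input)
{
    char a[BUF_SIZE], b[BUF_SIZE];
    bounded_copy(a, sizeof a, input);
    bounded_copy(b, sizeof b, input);
    truncate_checked(a);
    truncate_always(b);
    return strcmp(a, b) == 0 && strlen(a) <= SAFE_LEN;
}

int main(void)
{
    char small[16];
    int cut = bounded_copy(small, sizeof small, sample_long());
    printf("agree=%d cut=%d len=%zu\n", truncations_agree(sample_long()), cut, strlen(small));
    return 0;
}
```

Both truncation helpers are only valid when the storage behind `buf` is larger than `SAFE_LEN` and the string is already terminated inside it; `bounded_copy` is what establishes that.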