Posted to commits@spamassassin.apache.org by fe...@apache.org on 2006/06/05 17:37:03 UTC

svn commit: r411822 - /spamassassin/branches/3.0/spamd/spamd.raw

Author: felicity
Date: Mon Jun  5 08:37:02 2006
New Revision: 411822

URL: http://svn.apache.org/viewvc?rev=411822&view=rev
Log:
bug 4926: given a certain set of parameters to spamd and a specially formatted input message, users could cause spamd to execute arbitrary commands as spamd user

Modified:
    spamassassin/branches/3.0/spamd/spamd.raw

Modified: spamassassin/branches/3.0/spamd/spamd.raw
URL: http://svn.apache.org/viewvc/spamassassin/branches/3.0/spamd/spamd.raw?rev=411822&r1=411821&r2=411822&view=diff
==============================================================================
--- spamassassin/branches/3.0/spamd/spamd.raw (original)
+++ spamassassin/branches/3.0/spamd/spamd.raw Mon Jun  5 08:37:02 2006
@@ -1379,20 +1379,22 @@
   my ( $name, $pwd, $uid, $gid, $quota, $comment, $gcos, $dir, $etc ) =
     getpwnam($userid);
 
-  if ( !$spamtest->{'paranoid'} && !defined($uid) ) {
-
-    #if we are given a username, but can't look it up,
-    #Maybe NIS is down? lets break out here to allow
-    #them to get 'defaults' when we are not running paranoid.
-    logmsg("handle_user: unable to find user '$userid'!");
+  if (!defined $uid) {
+    my $errmsg = "spamd: handle_user unable to find user: '$userid'\n";
+    die $errmsg if $spamtest->{'paranoid'};
+    # if we are given a username, but can't look it up, maybe name
+    # services are down?  let's break out here to allow them to get
+    # 'defaults' when we are not running paranoid
+    logmsg($errmsg);
     return 0;
   }
 
-  # not sure if this is required, the doco says it isn't
-  $uid =~ /^(\d+)$/ and $uid = $1;    # de-taint
-  $gid =~ /^(\d+)$/ and $gid = $1;    # de-taint
-
   if ($setuid_to_user) {
+
+    # not sure if this is required, the documentation says it isn't
+    $uid =~ /^(\d+)$/ and $uid = $1;    # de-taint
+    $gid =~ /^(\d+)$/ and $gid = $1;    # de-taint
+
     $) = "$gid $gid";                 # change eGID
     $> = $uid;                        # change eUID
     if ( !defined($uid) || ( $> != $uid and $> != ( $uid - 2**32 ) ) ) {
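Review bot: The `!defined($uid)` test in the condition at the end of the hunk is now unreachable, because the new block above either dies (paranoid) or returns 0 whenever `$uid` is undefined, so the setuid check can read `if ( $> != $uid and $> != ( $uid - 2**32 ) ) {`. The relocated de-taint patterns use `^(\d+)$`, where `$` also accepts a trailing newline; `\A(\d+)\z` states the intent exactly and is the anchoring taint checks should use. The new `$errmsg` carries a trailing `\n` for `die`, but is also handed to `logmsg`, which may append its own newline — worth confirming against logmsg, or strip it with `logmsg($errmsg =~ s/\n\z//r)` only if the file's perl supports `/r`. handle_user begins and ends outside this hunk.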
@@ -1408,7 +1410,7 @@
   # If vpopmail config enabled then set $dir to virtual homedir
   #
   if ( $opt{'vpopmail'} ) {
-    $dir = `$dir/bin/vuserinfo -d $username`;
+    $dir = `$dir/bin/vuserinfo -d \Q$username\E`;
     chomp($dir);
   }
   my $cf_file = $dir . "/.spamassassin/user_prefs";
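Review bot: Quoting `$username` with `\Q...\E` still hands the command to a shell, and `$dir` (the getpwnam home directory) is interpolated into that command line unquoted, so the fix depends on quotemeta's backslash escaping matching the shell's rules. Running vuserinfo without a shell removes both concerns: the list-form pipe open below passes the path and `$username` as discrete argv entries, so no quoting is needed and a home directory containing spaces or metacharacters cannot split the command. It also checks the open result and preserves the original slurp-all-output semantics; if a 5.6 perl must still be supported, the list form of `open '-|'` is not available there and the note's point would have to be met by `system`-style argument passing instead. The enclosing function continues outside this hunk.
```perl
  if ( $opt{'vpopmail'} ) {
    # list-form pipe open: no shell is involved, so neither $dir nor
    # $username can be interpreted as shell syntax
    open my $vinfo, '-|', "$dir/bin/vuserinfo", '-d', $username
      or die "spamd: cannot run $dir/bin/vuserinfo: $!\n";
    $dir = do { local $/; <$vinfo> };
    close $vinfo;
    chomp($dir) if defined $dir;
  }
```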