Posted to commits@spamassassin.apache.org by fe...@apache.org on 2006/06/05 17:35:41 UTC
svn commit: r411821 - /spamassassin/branches/3.1/spamd/spamd.raw
Author: felicity
Date: Mon Jun 5 08:35:40 2006
New Revision: 411821
URL: http://svn.apache.org/viewvc?rev=411821&view=rev
Log:
bug 4926: given a certain set of parameters to spamd and a specially formatted input message, users could cause spamd to execute arbitrary commands as spamd user
Modified:
spamassassin/branches/3.1/spamd/spamd.raw
Modified: spamassassin/branches/3.1/spamd/spamd.raw
URL: http://svn.apache.org/viewvc/spamassassin/branches/3.1/spamd/spamd.raw?rev=411821&r1=411820&r2=411821&view=diff
==============================================================================
--- spamassassin/branches/3.1/spamd/spamd.raw (original)
+++ spamassassin/branches/3.1/spamd/spamd.raw Mon Jun 5 08:35:40 2006
@@ -1716,19 +1716,22 @@
my ($name, $pwd, $uid, $gid, $quota, $comment, $gcos, $dir, $etc) =
getpwnam($userid);
- if (!$spamtest->{'paranoid'} && !defined($uid)) {
- # if we are given a username, but can't look it up, maybe name
- # services are down? let's break out here to allow them to get
- # 'defaults' when we are not running paranoid
- info("spamd: handle_user unable to find user: $userid\n");
- return 0;
+ if (!defined $uid) {
+ my $errmsg = "spamd: handle_user unable to find user: '$userid'\n";
+ die $errmsg if $spamtest->{'paranoid'};
+ # if we are given a username, but can't look it up, maybe name
+ # services are down? let's break out here to allow them to get
+ # 'defaults' when we are not running paranoid
+ info($errmsg);
+ return 0;
}
- # not sure if this is required, the documentation says it isn't
- $uid =~ /^(\d+)$/ and $uid = $1; # de-taint
- $gid =~ /^(\d+)$/ and $gid = $1; # de-taint
-
if ($setuid_to_user) {
+
+ # not sure if this is required, the documentation says it isn't
+ $uid =~ /^(\d+)$/ and $uid = $1; # de-taint
+ $gid =~ /^(\d+)$/ and $gid = $1; # de-taint
+
$) = "$gid $gid"; # change eGID
$> = $uid; # change eUID
if ( !defined($uid) || ( $> != $uid and $> != ( $uid - 2**32 ) ) ) {
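Review bot: The `!defined($uid)` test on the last line of the hunk, `if ( !defined($uid) || ( $> != $uid and ...`, is now dead code: the new block at the top of the hunk returns (or dies under paranoid) whenever `$uid` is undefined, so the condition can be reduced to `if ( $> != $uid and $> != ( $uid - 2**32 ) ) {`. The relocated de-taint lines also quietly leave `$uid`/`$gid` tainted when getpwnam hands back something non-numeric, so if spamd runs under taint mode the following `$) =` / `$> =` assignments would fail with a generic "Insecure dependency" error rather than a message naming the user; a reviewer would likely prefer an explicit `die "spamd: non-numeric uid/gid for '$userid'\n" unless $uid =~ /^(\d+)$/;` form. handle_user's body starts before this hunk and continues after it.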
@@ -1745,12 +1748,12 @@
#
if ( $opt{'vpopmail'} ) {
my $vpopdir = $dir;
- $dir = `$vpopdir/bin/vuserinfo -d $username`;
+ $dir = `$vpopdir/bin/vuserinfo -d \Q$username\E`;
if ($? != 0) {
#
# If vuserinfo failed $username could be an alias
#
- $dir = `$vpopdir/bin/valias $username`;
+ $dir = `$vpopdir/bin/valias \Q$username\E`;
if ($? == 0 && $dir !~ /.+ -> &/) {
$dir =~ s,.+ -> (/.+)/Maildir/,$1,;
} else {
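Review bot: The two backtick lines, `$dir = \`$vpopdir/bin/vuserinfo -d \Q$username\E\`` and `$dir = \`$vpopdir/bin/valias \Q$username\E\``, still go through a shell; `\Q...\E` is regex quoting (it backslashes every non-word character), which happens to neutralize most sh metacharacters, but `$vpopdir` is interpolated with no quoting at all and the whole command's safety depends on the shell honouring backslash escapes. A list-form pipe open runs the helper directly with no shell, so neither argument needs escaping; `close` on the pipe handle sets `$?` from the child's exit status, so the existing `if ($? != 0)` checks keep working. The `if ($? == 0 && $dir !~ /.+ -> &/)` branch is cut off at the end of the hunk, and the enclosing sub begins before it. The fence shows the vuserinfo call; the valias call takes the same shape.
```perl
    if ( $opt{'vpopmail'} ) {
      my $vpopdir = $dir;
      # run the helper directly (no shell), so $vpopdir/$username need no escaping
      my $ran = open(my $vinfo, '-|', "$vpopdir/bin/vuserinfo", '-d', $username);
      $dir = $ran ? do { local $/; <$vinfo> } : undef;
      $ran and close($vinfo);   # close() stores the child's exit status in $?
      if (!$ran || $? != 0) {
        # … unchanged: alias comment; valias fallback rewritten the same way …
```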