Re: [Exim] create_file = belowhome: unexpected behaviour

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MM\Philip Hazel at <-
.MMVadim Vygonets at ->
Delete this message
Reply to this message
Author: Harald Meland
Date:  
To: Philip Hazel
CC: Ray Miller, exim-users
Subject: Re: [Exim] create_file = belowhome: unexpected behaviour
[Philip Hazel]

> Only a little while ago, On Fri, 1 Oct 1999, I wrote:
>
> > On Fri, 1 Oct 1999, Ray Miller wrote:
> >
> > > But if I specify "save /home/ray/../../tmp/foo" in the filter,
> >
> > Oh dear. I really don't have a devious enough mind! I will add a check
> > to the code to forbid .. components when that check is set. Thanks for
> > pointing out the problem.
>
> Here's a patch for Exim 3.03 that fixes this problem.

As far as I can see, a simple symlink ~/root -> / will still allow
users creating files anywhere they like (if they have write access).

To fix this, one would have to grind the destination through
realpath(3) (on systems that have such a thing) and compare the
resulting fully resolved destination with whatever restrictions there
are.
--
Harald



This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-[Exim] complex Auth[Exim] Spammer / Prohibiting single sender-address->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)