Re: [exim-dev] exim_dbmbuild buffer overflow

Góra strony
Delete this message
Reply to this message
Autor: Tim Jackson
Data:  
Dla: exim-dev
Temat: Re: [exim-dev] exim_dbmbuild buffer overflow
Tom Kistner wrote:

> The bug is in handling the name of the DB file, not the data which gets
> into the file.


This is a bonus, but I'm sure I'm not the only one with files named by
what could in theory ultimately be user data (e.g. domain)

e.g. /path/to/virtual_aliases/example.com

where the data in those files might be eligible for dbmbuild'ing.

I suspect there are probably at least some "control-panel" apps that do
something like this whilst allowing users to set up their own virtual
domains. To be fair, in that case there are probably bigger issues than
this if you are allowing arbitrary user input to be used in the naming
of files on your FS (let's hope you're whitelist-filtering your data and
careful what privileges scripts have if you're doing this :), but still.

Tim