Bugtraq mailing list archives
Re: Sendmail 8.6.10: what's different?
From: peter () haywire DIALix COM (Peter Wemm)
Date: Fri, 24 Feb 1995 11:07:13 +0800 (WST)
On Thu, 23 Feb 1995, der Mouse wrote:
cleanstrcpy(), referred to several times above, is like strcpy, but it strips newlines and copies only a restricted set of characters: letters, digits, and !#$%&'*+-./^_`{|}~ - why that set was chosen, there's no indication.
Imagine if an "untrustworthy element" on your system supplied an argument with a newline embedded in it, and it was then fprintf(qf, "%s@%s\n", arg, userstring); to the queue file. You can cause extra lines to be written into the queue files, of whatever content you like, and if you choose correctly, you should be able to do some pretty horrible things.

Actually, I like the approach of "explicitly listing what we know is good", rather than "exclude characters that we know of that are bad" - it's a lot safer to verify and has less surprises down the track.

-Peter
der Mouse mouse () collatz mcrcim mcgill edu
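
An added example, not part of the original message and not sendmail's source: an allowlist copy using the character set quoted above, applied before a record is formatted the way the fprintf() in the message does. The names allowlist_copy and record_lines, the buffer sizes, and the sample strings are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Punctuation from the set quoted in the message; letters and digits are
 * allowed as well. */
static const char ALLOWED_PUNCT[] = "!#$%&'*+-./^_`{|}~";

/* Hypothetical helper, not sendmail's cleanstrcpy(): copy src to dst keeping
 * only allowlisted ASCII bytes. NUL-terminates whenever dstlen > 0.
 * Returns how many bytes were dropped (disallowed, or not fitting in dst). */
size_t allowlist_copy(char *dst, size_t dstlen, const char *src)
{
    size_t out = 0, dropped = 0;
    if (dstlen == 0)
        return strlen(src);
    for (; *src != '\0'; src++) {
        unsigned char c = (unsigned char)*src;
        int ok = (c < 0x80 && isalnum(c)) || strchr(ALLOWED_PUNCT, c) != NULL;
        if (ok && out + 1 < dstlen)
            dst[out++] = (char)c;
        else
            dropped++;
    }
    dst[out] = '\0';
    return dropped;
}

/* Build "<arg>@<host>\n" and return how many lines it would occupy in a
 * line-oriented file; filter != 0 passes arg through the allowlist first. */
int record_lines(const char *arg, const char *host, int filter)
{
    char clean[128], rec[512];
    int lines = 0;
    if (filter) {
        allowlist_copy(clean, sizeof clean, arg);
        arg = clean;
    }
    snprintf(rec, sizeof rec, "%s@%s\n", arg, host);
    for (const char *p = rec; *p != '\0'; p++)
        lines += (*p == '\n');
    return lines;
}

int main(void)
{
    const char *arg = "alice\nEXTRA line";   /* constructed sample input */
    printf("unfiltered: %d line(s)\n", record_lines(arg, "example.org", 0));
    printf("filtered:   %d line(s)\n", record_lines(arg, "example.org", 1));
    return 0;
}
```

Because the filter names what is permitted, the space in the sample is dropped along with the newline, without either having to be listed as bad.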