Bugtraq mailing list archives

Re: Vixie Cron version 3.0pl1 vulnerable to root exploit

From: joey () FINLANDIA INFODROM NORTH DE (Martin Schulze)
Date: Sat, 4 Sep 1999 23:37:59 +0200


Valentin Nechayev wrote:

Quite more simple and correct variant is to append "--" to mailargs:

-#define MAILARGS "%s -FCronDaemon -odi -oem -or0s %s"              /*-*/
+#define MAILARGS "%s -FCronDaemon -odi -oem -- %s"                 /*-*/


After it, it's possible to use real local parts starting with '-'. ;)
getopt() stops parsing after "--", and arguments after it will be parsed as
positional, not as flags.


This will only work for those MTA's that use getopt or that use the --
feature.  For example, Smail does not.  Thus this would fix the bug
in connection with sendmail but not in connection with Smail.  Haven't
checked Postfix, Exim, Zmailer and Qmail, but it may be similar.

Regards,

        Joey

--
There are lies, statistics and benchmarks.

Current thread:

Re: Vixie Cron version 3.0pl1 vulnerable to root exploit Valentin Nechayev (Sep 01)
- Microsoft Security Bulletin (MS99-034) Aleph One (Sep 03)
- Re: Vixie Cron version 3.0pl1 vulnerable to root exploit Martin Schulze (Sep 04)