diff options
| author | peter <peter@FreeBSD.org> | 1999-11-25 18:03:05 +0000 |
|---|---|---|
| committer | peter <peter@FreeBSD.org> | 1999-11-25 18:03:05 +0000 |
| commit | a392fe0bdb7081117c445f5dcc98d5ed4013dc17 (patch) | |
| tree | 95274305da4cb6ce2c7198c17fec9b9fd6b93c62 /contrib/sendmail | |
| parent | 19c8fca2df7a6f39e5208229f428ec269fb3adbf (diff) | |
| download | FreeBSD-src-a392fe0bdb7081117c445f5dcc98d5ed4013dc17.zip FreeBSD-src-a392fe0bdb7081117c445f5dcc98d5ed4013dc17.tar.gz | |
Apply the sendmail 8.9.3 denial-of-service patch which prevents untrusted
users from running newaliases. (This is to protect aliases.db against
truncation).
PR: 15088
Diffstat (limited to 'contrib/sendmail')
| -rw-r--r-- | contrib/sendmail/src/main.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/contrib/sendmail/src/main.c b/contrib/sendmail/src/main.c index cea9d15..cb6fd57 100644 --- a/contrib/sendmail/src/main.c +++ b/contrib/sendmail/src/main.c @@ -984,6 +984,18 @@ main(argc, argv, envp) usrerr("Permission denied"); finis(FALSE, EX_USAGE); } + if (OpMode == MD_INITALIAS && + RealUid != 0 && + RealUid != TrustedUid && + !wordinclass(RealUserName, 't')) + { + if (LogLevel > 1) + sm_syslog(LOG_ALERT, NOQID, + "user %d attempted to rebuild the alias map", + RealUid); + usrerr("Permission denied"); + finis(FALSE, EX_USAGE); + } if (MeToo) BlankEnvelope.e_flags |= EF_METOO; |
