aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPeter Wemm <peter@FreeBSD.org>1999-11-25 18:03:05 +0000
committerPeter Wemm <peter@FreeBSD.org>1999-11-25 18:03:05 +0000
commitb518ca7de5820956700c15009494373b46ec0dbd (patch)
tree95274305da4cb6ce2c7198c17fec9b9fd6b93c62
parent2e43090e08ca86a65c21563aa81aeaacf20e5e37 (diff)
downloadsrc-b518ca7de5820956700c15009494373b46ec0dbd.tar.gz
src-b518ca7de5820956700c15009494373b46ec0dbd.zip
Apply the sendmail 8.9.3 denial-of-service patch which prevents untrusted
users from running newaliases. (This is to protect aliases.db against truncation). PR: 15088
Notes
Notes: svn path=/vendor/sendmail/dist/; revision=53696
-rw-r--r--contrib/sendmail/src/main.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/contrib/sendmail/src/main.c b/contrib/sendmail/src/main.c
index cea9d158d711..cb6fd57e44c0 100644
--- a/contrib/sendmail/src/main.c
+++ b/contrib/sendmail/src/main.c
@@ -984,6 +984,18 @@ main(argc, argv, envp)
usrerr("Permission denied");
finis(FALSE, EX_USAGE);
}
+ if (OpMode == MD_INITALIAS &&
+ RealUid != 0 &&
+ RealUid != TrustedUid &&
+ !wordinclass(RealUserName, 't'))
+ {
+ if (LogLevel > 1)
+ sm_syslog(LOG_ALERT, NOQID,
+ "user %d attempted to rebuild the alias map",
+ RealUid);
+ usrerr("Permission denied");
+ finis(FALSE, EX_USAGE);
+ }
if (MeToo)
BlankEnvelope.e_flags |= EF_METOO;