diff options
| author | Gilles Chehade <gilles@cvs.openbsd.org> | 2015-10-02 00:41:26 +0000 |
|---|---|---|
| committer | Gilles Chehade <gilles@cvs.openbsd.org> | 2015-10-02 00:41:26 +0000 |
| commit | caab6ab6c3ca15652cdbe11122ae56e8dbfbece1 (patch) | |
| tree | 13e89d36cb2c14d6dde9ec2ab279bd7fff7ce6d1 | |
| parent | c29ae88ffdd3ceefdad5580d4de828688a27d4c0 (diff) | |
in secure_file(), make uid checking on .forward files more strict to avoid
users creating hardlink to root-owned files and leaking first line.
reported by Qualys Security
| -rw-r--r-- | usr.sbin/smtpd/util.c | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/usr.sbin/smtpd/util.c b/usr.sbin/smtpd/util.c index 330878abf80..f40cc40148d 100644 --- a/usr.sbin/smtpd/util.c +++ b/usr.sbin/smtpd/util.c @@ -1,4 +1,4 @@ -/* $OpenBSD: util.c,v 1.114 2015/08/16 20:53:19 gilles Exp $ */ +/* $OpenBSD: util.c,v 1.115 2015/10/02 00:41:25 gilles Exp $ */ /* * Copyright (c) 2000,2001 Markus Friedl. All rights reserved. @@ -500,9 +500,6 @@ valid_domainpart(const char *s) return res_hnok(s); } -/* - * Check file for security. Based on usr.bin/ssh/auth.c. - */ int secure_file(int fd, char *path, char *userdir, uid_t uid, int mayread) { @@ -520,7 +517,7 @@ secure_file(int fd, char *path, char *userdir, uid_t uid, int mayread) /* Check the open file to avoid races. */ if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) || - (st.st_uid != 0 && st.st_uid != uid) || + st.st_uid != uid || (st.st_mode & (mayread ? 022 : 066)) != 0) return 0; |