Date: Tue, 28 Jul 1998 21:04:56 -0700 From: Gregory Sutter <gsutter@pobox.com> To: Brett Glass <brett@lariat.org>, security@FreeBSD.ORG Subject: Re: Any procmail experts here? Message-ID: <19980728210456.C12810@notabene.zer0.org> In-Reply-To: <199807290159.TAA26543@lariat.lariat.org>; from Brett Glass on Tue, Jul 28, 1998 at 07:59:32PM -0600 References: <199807290159.TAA26543@lariat.lariat.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Jul 28, 1998 at 07:59:32PM -0600, Brett Glass wrote: > We have dozens of users who might get bit by the MIME filename buffer > overflow bug described at > > http://www.sjmercury.com/business/microsoft/docs/security0728.htm > > and would like to try to use procmail to plug the hole (it seems to be the > best tool for the job). However, I have no experience with procmail. Could > someone help me write a procmail.rc that will eliminate the extra-long > filenames, truncating them back to (say) 64 characters max? All that's > required is to recognize the Content-type: .... filename="<name>" header > and make sure that <name> is chopped if it's too long. > > This would be a fix for which thousands of sysadmins would be exceedinglyy > grateful. Brett, I suggest you also make that request of the procmail mailing list, at procmail@informatik.rwth-aachen.de (subscription requests to procmail-request@...) There are some real procmail geniuses there. Regards, Greg -- Gregory S. Sutter "How do I read this file?" mailto:gsutter@pobox.com "You uudecode it." http://www.pobox.com/~gsutter/ "I I I decode it?" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980728210456.C12810>