From owner-freebsd-questions Fri Sep 22 7:29:46 2000 Delivered-To: freebsd-questions@freebsd.org Received: from mail.psknet.com (NS1.PSKNET.COM [63.171.251.2]) by hub.freebsd.org (Postfix) with SMTP id 151ED37B422 for ; Fri, 22 Sep 2000 07:29:42 -0700 (PDT) Received: (qmail 30998 invoked from network); 22 Sep 2000 14:31:18 -0000 Received: from abyss.dashit.net (HELO abyss) (209.100.22.250) by mail.psknet.com with SMTP; 22 Sep 2000 14:31:18 -0000 From: "Troy Settle" To: , "FreeBSD Questions" Subject: RE: Default IMAP INBOX to $HOME/Mailbox Date: Fri, 22 Sep 2000 10:30:16 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 In-Reply-To: <20000922082633.B1004@linux.rainbow> Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Igor, Perhaps a potential overflow, but only if one has already compromised libc or /etc/passwd, in which case, who cares about imap? FWIW, UW IMAP seems to be loaded with potential holes. The current port warns against using it on systems where you don't already allow for shell access. I'm not a coder of any real talent, so take that for what it's worth. The logic just doesn't seem to add up to this particular snippit of code being a serious threat. -- Troy Settle Pulaski Networks 540.994.4254 ** -----Original Message----- ** From: owner-freebsd-questions@FreeBSD.ORG ** [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Igor Roboul ** Sent: Friday, September 22, 2000 12:27 AM ** To: FreeBSD Questions ** Subject: Re: Default IMAP INBOX to $HOME/Mailbox ** ** ** On Thu, Sep 21, 2000 at 07:54:48PM -0400, Troy Settle wrote: ** > char tmp[MAILTMPLEN]; ** > if (!sysInbox) { /* initialize if first time */ ** > - sprintf (tmp,"%s/%s",MAILSPOOL,myusername ()); ** > + sprintf (tmp,"%s/%s",myhomedir(),".mail"); ** Do we have here potential buffer overflow? ** maybe we need ** snprintf(tmp,MAILTMPLEN-1,"%s/%s",myhomedir(),".mail"); ** ? ** ** ** -- ** Igor Roboul, Unix System Administrator & Programmer @ ** sanatorium "Raduga", ** Sochi, Russia ** http://www.brainbench.com/transcript.jsp?pid=304744 ** ** ** To Unsubscribe: send mail to majordomo@FreeBSD.org ** with "unsubscribe freebsd-questions" in the body of the message ** ** To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message