Date: Wed, 29 Jul 1998 18:07:33 -0600 From: Brett Glass <brett@lariat.org> To: Gregory Sutter <gsutter@pobox.com>, freebsd-security@FreeBSD.ORG Subject: Re: procmail workaround for MIME filename overflow exploit Message-ID: <199807300007.SAA18937@lariat.lariat.org> In-Reply-To: <19980729145556.C16073@notabene.zer0.org> References: <199807291946.NAA14449@lariat.lariat.org> <199807291946.NAA14449@lariat.lariat.org>
next in thread | previous in thread | raw e-mail | index | archive | help
At 02:55 PM 7/29/98 -0700, Gregory Sutter wrote: >Brett, > >John's recipe has the same problem as Andrew McNaughton's proposed >solution -- it invokes perl. As far as I can see, it invokes Perl only if a potential exploit is recognized.... Hopefully, a rare event. John's original recipe DOES have the problem that it doesn't handle varying amounts of whitespace between items, or tabs rather than spaces as whitespace. I've mentioned this to John and I expect he'll update his recipes (he has several relating to MIME). --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199807300007.SAA18937>