Date: Wed, 10 Apr 1996 13:53:37 -0600 From: "Aaron D. Gifford" <agifford@infowest.com> To: current@freebsd.org Subject: mail.local patch -- Was: /var/mail default permissions?? Message-ID: <2.2.32.19960410195337.006f3500@infowest.com>
next in thread | raw e-mail | index | archive | help
At 06:42 PM 4/10/96 +0200, you wrote: >Hmm. I also got that. > >John >-- >John Hay -- John.Hay@csir.co.za > >> > login: fred >> > passord: >> > % >> > % ls -l /var/mail/peter >> > % ls: /var/mail/peter: No such file or directory >> > % cat > /var/mail/peter >> > >> >> That was the end of Terry's message. >> >> Did this totally confuse anyone elses mailer? I see these two >> messages in elm: >> >> > 1 Apr 10 Bite Me (13) Ha ha >> > 2 Apr 10 Terry Lambert (41) Re: /var/mail default permissions?? >> >> and have this in my in box: >> >> > From dufault Wed Apr 10 07:34:25 1996 >> > From: anon@anon (Bite Me) >> > Subject: Ha ha >> > Status: OR >> > >> > Don't you wish you could do something about your mail... give >> > Fred $5 and he'll unlock it for you. >> > >> > -- Anon >> > >> > ^D >> > % exit >> >> which threw me for a loop a minute. I don't think this is what >> Terry was showing us. >> >> -- >> Temporarily via "hdalog@zipnet.net"... >> >> Peter Dufault Real-Time Machine Control and Simulation >> HD Associates, Inc. Voice: 508 433 6936 >> dufault@hda.com Fax: 508 433 5267 >> Same occured here... I get my mail via POP (running qpopper). I tracked down the cause of the problem. The problem is that mail.local ONLY prepends the famous ">" character to "From " lines ONLY WHEN the line above is blank (containing only a newline). Apparently, some mail readers (elm was mentioned above as being a victim, and my qpopper also had the problem) use a properly formatted "From " line as the separator WHETHER OR NOT the line above is blank. Example ...mail message body... P.S. Tell John Doe that he needs to write! From blahblah Wed Apr 10 10:40:55 1996 From: president@whitehouse.gov Subject: Pay your taxes NOW! Pay now, or be jailed later! End of example Since the "From blahblah" line is not accompanied by a blank line above, mail.local (the implementations I've looked at) will NOT prepend a ">" to the from line. However, other mail readers/handlers may very well treat the bogus From line as a valid message separator, thus creating the problem mentioned. This is definitely a bug I suspect some malicious user could use it terroristically against a user who did not know about the bug, especially if the malicious user carefully crafted bogus headers. I know e-mail is easily forged in other ways anyway, but this would allow someone to create forged e-mail with no "Received:" trail, again if the recipient was unaware of the above "bug". My fix: I think I will patch mail.local to prepend a ">" to ALL "From " lines, regardless of the line above. This is certainly easier than fixing all other programs. Here's my patch to mail.local for -stable of a few weeks ago: *** mail.local.c.orig Wed Apr 10 12:40:57 1996 --- mail.local.c Wed Apr 10 12:41:56 1996 *************** store(from) *** 143,149 **** { FILE *fp; time_t tval; ! int fd, eline; char *tn, line[2048]; tn = strdup(_PATH_LOCTMP); --- 143,149 ---- { FILE *fp; time_t tval; ! int fd; char *tn, line[2048]; tn = strdup(_PATH_LOCTMP); *************** store(from) *** 158,172 **** (void)fprintf(fp, "From %s %s", from, ctime(&tval)); line[0] = '\0'; ! for (eline = 1; fgets(line, sizeof(line), stdin);) { ! if (line[0] == '\n') ! eline = 1; ! else { ! if (eline && line[0] == 'F' && ! !memcmp(line, "From ", 5)) ! (void)putc('>', fp); ! eline = 0; ! } (void)fprintf(fp, "%s", line); if (ferror(fp)) { e_to_sys(errno); --- 158,166 ---- (void)fprintf(fp, "From %s %s", from, ctime(&tval)); line[0] = '\0'; ! while (fgets(line, sizeof(line), stdin)) { ! if (line[0] == 'F' && !memcmp(line, "From ", 5)) ! (void)putc('>', fp); (void)fprintf(fp, "%s", line); if (ferror(fp)) { e_to_sys(errno); It appears to work. I tested the original mail.local and the patched with the same intentionally composed message, and the patched mail.local correctly prepends the ">" character to ALL From lines, correctly prevending my test message from generating a second bogus message. Aaron out. --=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=-- Aaron D. Gifford InfoWest, 1845 W. Sunset Blvd, St. George, UT 84770 InfoWest Networking Phone: (801) 674-0165 FAX: (801) 673-9734 <agifford@infowest.com> Visit InfoWest at: "http://www.infowest.com/" ICBM: 37.07847 N, 113.57858 W "Southern Utah's Finest Network Connection" --=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2.2.32.19960410195337.006f3500>