Date:      Wed, 10 Apr 1996 13:53:37 -0600
From:      "Aaron D. Gifford" <agifford@infowest.com>
To:        current@freebsd.org
Subject:   mail.local patch -- Was: /var/mail default permissions??
Message-ID:  <2.2.32.19960410195337.006f3500@infowest.com>

At 06:42 PM 4/10/96 +0200, you wrote:
>Hmm. I also got that.
>
>John
>-- 
>John Hay -- John.Hay@csir.co.za
>
>> > login: fred
>> > passord:
>> > %
>> > % ls -l /var/mail/peter
>> > % ls: /var/mail/peter: No such file or directory
>> > % cat > /var/mail/peter
>> > 
>> 
>> That was the end of Terry's message.
>> 
>> Did this totally confuse anyone else's mailer?  I see these two
>> messages in elm:
>> 
>> >     1   Apr 10 Bite Me            (13)   Ha ha
>> >     2   Apr 10 Terry Lambert      (41)   Re: /var/mail default permissions??
>> 
>> and have this in my in box:
>> 
>> > From dufault Wed Apr 10 07:34:25 1996
>> > From: anon@anon (Bite Me)
>> > Subject: Ha ha
>> > Status: OR
>> > 
>> > Don't you wish you could do something about your mail...  give
>> > Fred $5 and he'll unlock it for you.
>> > 
>> > 					-- Anon
>> > 
>> > ^D
>> > % exit
>> 
>> which threw me for a loop a minute.  I don't think this is what
>> Terry was showing us.
>> 
>> -- 
>> Temporarily via "hdalog@zipnet.net"...
>> 
>> Peter Dufault               Real-Time Machine Control and Simulation
>> HD Associates, Inc.         Voice: 508 433 6936
>> dufault@hda.com             Fax:   508 433 5267
>> 

Same occurred here... I get my mail via POP (running qpopper).

I tracked down the cause of the problem.  The problem is that mail.local
ONLY prepends the famous ">" character to "From " lines ONLY WHEN the line
above is blank (containing only a newline).  Apparently, some mail readers
(elm was mentioned above as being a victim, and my qpopper also had the
problem)  use a properly formatted "From " line as the separator WHETHER OR
NOT the line above is blank.

Example

   ...mail message body...
   P.S. Tell John Doe that he needs to write!
   From blahblah Wed Apr 10 10:40:55 1996
   From: president@whitehouse.gov
   Subject: Pay your taxes NOW!

   Pay now, or be jailed later!

End of example

Since the "From blahblah" line is not accompanied by a blank line above,
mail.local (the implementations I've looked at) will NOT prepend a ">" to
the from line.  However, other mail readers/handlers may very well treat the
bogus From line as a valid message separator, thus creating the problem
mentioned.

This is definitely a bug.  I suspect some malicious user could use it
terroristically against a user who did not know about the bug, especially if
the malicious user carefully crafted bogus headers.  I know e-mail is easily
forged in other ways anyway, but this would allow someone to create forged
e-mail with no "Received:" trail, again if the recipient was unaware of the
above "bug".

My fix:  I think I will patch mail.local to prepend a ">" to ALL "From "
lines, regardless of the line above.  This is certainly easier than fixing
all other programs.  Here's my patch to mail.local for -stable of a few
weeks ago:

*** mail.local.c.orig	Wed Apr 10 12:40:57 1996
--- mail.local.c	Wed Apr 10 12:41:56 1996
*************** store(from)
*** 143,149 ****
  {
  	FILE *fp;
  	time_t tval;
! 	int fd, eline;
  	char *tn, line[2048];
  
  	tn = strdup(_PATH_LOCTMP);
--- 143,149 ----
  {
  	FILE *fp;
  	time_t tval;
! 	int fd;
  	char *tn, line[2048];
  
  	tn = strdup(_PATH_LOCTMP);
*************** store(from)
*** 158,172 ****
  	(void)fprintf(fp, "From %s %s", from, ctime(&tval));
  
  	line[0] = '\0';
! 	for (eline = 1; fgets(line, sizeof(line), stdin);) {
! 		if (line[0] == '\n')
! 			eline = 1;
! 		else {
! 			if (eline && line[0] == 'F' &&
! 			    !memcmp(line, "From ", 5))
! 				(void)putc('>', fp);
! 			eline = 0;
! 		}
  		(void)fprintf(fp, "%s", line);
  		if (ferror(fp)) {
  			e_to_sys(errno);
--- 158,166 ----
  	(void)fprintf(fp, "From %s %s", from, ctime(&tval));
  
  	line[0] = '\0';
! 	while (fgets(line, sizeof(line), stdin)) {
! 		if (line[0] == 'F' &&  !memcmp(line, "From ", 5))
! 			(void)putc('>', fp);
  		(void)fprintf(fp, "%s", line);
  		if (ferror(fp)) {
  			e_to_sys(errno);
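
Review bot: in the new `while (fgets(line, sizeof(line), stdin))` loop, the `"From "` test runs on every buffer that fgets() returns, not on every input line. With `line[2048]`, an input line longer than 2047 bytes arrives in several pieces, and a piece that happens to begin with `From ` would now get a `>` inserted in the middle of that line. The removed code did not have this effect, because `eline` was 0 after any non-blank piece. Suggest remembering whether the previous buffer ended in `\n` and testing for `From ` only when it did. Minor: the `line[0] == 'F' &&` pre-check is redundant next to the memcmp, and there is a doubled space before `!memcmp`.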




It appears to work.  I tested the original mail.local and the patched with
the same intentionally composed message, and the patched mail.local
correctly prepends the ">" character to ALL From lines, correctly preventing
my test message from generating a second bogus message.

Aaron out.

--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--
Aaron D. Gifford          InfoWest, 1845 W. Sunset Blvd, St. George, UT 84770
InfoWest Networking       Phone: (801) 674-0165   FAX: (801) 673-9734
<agifford@infowest.com>   Visit InfoWest at: "http://www.infowest.com/"
                        ICBM: 37.07847 N, 113.57858 W
                 "Southern Utah's Finest Network Connection"
--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--
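
The writer/reader mismatch described in this message, as an added example (not part of the original post and not mail.local's code): a writer applies either the blank-line-only rule or the quote-always rule, and a reader that treats any line starting with "From " as a separator counts the messages it sees. The names `deliver`, `count_messages` and `BODY`, the sample body and the simplified reader are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed message body, modelled on the example in the post. */
static const char *BODY[] = {
    "P.S. Tell John Doe that he needs to write!\n",
    "From blahblah Wed Apr 10 10:40:55 1996\n",   /* no blank line above */
    "From: president@whitehouse.gov\n",
    "\n",
    "From here on, pay attention.\n",             /* blank line above */
};
enum { NBODY = sizeof(BODY) / sizeof(BODY[0]) };
enum quote_rule { QUOTE_AFTER_BLANK, QUOTE_ALWAYS };
/* Hypothetical writer: store one message in mbox under the given rule. */
size_t deliver(char *mbox, size_t cap, enum quote_rule rule)
{
    size_t n = 0;
    int eline = 1;      /* previous line was blank (or start of message) */
    n += snprintf(mbox, cap, "From sender Wed Apr 10 12:00:00 1996\n");
    for (int i = 0; i < NBODY && n < cap; i++) {
        int is_from = strncmp(BODY[i], "From ", 5) == 0;
        if (is_from && (rule == QUOTE_ALWAYS || eline))
            n += snprintf(mbox + n, cap - n, ">");
        if (n < cap) n += snprintf(mbox + n, cap - n, "%s", BODY[i]);
        eline = (BODY[i][0] == '\n');
    }
    return n;
}

/* Hypothetical reader: every line starting with "From " opens a message. */
int count_messages(const char *mbox)
{
    int count = 0;
    for (const char *p = mbox; p != NULL && *p != '\0'; ) {
        if (strncmp(p, "From ", 5) == 0) count++;
        p = strchr(p, '\n');
        if (p != NULL) p++;
    }
    return count;
}

int main(void)
{
    char old_mbox[1024], new_mbox[1024];
    deliver(old_mbox, sizeof old_mbox, QUOTE_AFTER_BLANK);
    deliver(new_mbox, sizeof new_mbox, QUOTE_ALWAYS);
    printf("after-blank rule: %d message(s); quote-always: %d\n", count_messages(old_mbox), count_messages(new_mbox));
    return 0;
}
```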



