| commit | 3badf6b7e6f752ed69aba5481467cb80054add1c | |
| author | Matthew Dillon <dillon@apollo.backplane.com> | |
| Fri, 5 Aug 2016 07:18:07 +0000 (5 00:18 -0700) | ||
| committer | Matthew Dillon <dillon@apollo.backplane.com> | |
| Fri, 5 Aug 2016 07:18:07 +0000 (5 00:18 -0700) | ||
| tree | 7f5ad8f905b0d8f850e667d5cf2b7e60767f1fd8 | treesnapshot (tar.gz zip) |
| parent | 6b6525b6d13261ca5912b8e220a60757a0d4fb55 | commitdiff |
dma - Fix security hole
* dma makes an age-old mistake of not properly checking whether a file
owned by a user is a symlink or not, a bug which the original mail.local
also had.
* Add O_NOFOLLOW to disallow symlinks.
Thanks-to: BSDNow Episode 152, made me dive dma to check when they talked
about the mail.local bug.
* dma makes an age-old mistake of not properly checking whether a file
owned by a user is a symlink or not, a bug which the original mail.local
also had.
* Add O_NOFOLLOW to disallow symlinks.
Thanks-to: BSDNow Episode 152, made me dive dma to check when they talked
about the mail.local bug.
| libexec/dma/dma-mbox-create.c | diffblobblamehistory |