Re: Arbitrary Code Execution when using -x

spamass-milt-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Arbitrary Code Execution when using -x

From:	Don Armstrong
Subject:	Re: Arbitrary Code Execution when using -x
Date:	Wed, 10 Mar 2010 16:13:11 -0800
User-agent:	Mutt/1.5.20 (2009-06-14)

On Wed, 10 Mar 2010, Dan Nelson wrote:
> In the last episode (Mar 09), Don Armstrong said:
> > popen shouldn't be used with user data; there is arbitrary remote code
> > execution when using -x.
> > 
> > You can temporarily disable -x; see
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573228 for more
> > details.
> 
> I've got a preliminary patch at
> http://savannah.nongnu.org/bugs/index.php?29136 that replaces popen() with a
> popenv() function that takes an execv-style argument array; it's untested at
> the moment since I don't use -x myself.

Yeah, it's not the default in Debian either. I'll try to whip up a
test for this a bit later, but the patch basically does what I was
planning on doing too.

Thanks for responding quickly!


Don Armstrong

-- 
It seems intuitively obvious to me, which means that it might be wrong
 -- Chris Torek

http://www.donarmstrong.com              http://rzlab.ucr.edu

[Prev in Thread]

Current Thread

[Next in Thread]

Arbitrary Code Execution when using -x, Don Armstrong, 2010/03/09
- Re: Arbitrary Code Execution when using -x, Dan Nelson, 2010/03/10
  - Re: Arbitrary Code Execution when using -x, Don Armstrong <=

Prev by Date: Re: Arbitrary Code Execution when using -x
Next by Date: GOSSiP feature contemplation
Previous by thread: Re: Arbitrary Code Execution when using -x
Next by thread: GOSSiP feature contemplation
Index(es):
- Date
- Thread