A note to anybody applying this, via patch or otherwise. Don't keep the
original resend lying around in the majordomo directory: wrapper assumes
everything in that directory is secure, and will gladly execute it.
[brock@o2 brock]$ /usr/freeware/majordomo/wrapper resend.orig '@|id'
uid=1126(majordomo) gid=1(daemon)
resend: must specify '-l list' at
/usr/freeware/majordomo-1.94.4/resend.orig line 78.
--
Brock Sides
Unix Systems Administration
Towery Publishing
[EMAIL PROTECTED]
On Wed, 29 Dec 1999, Todd C. Miller wrote:
> For those using perl 5.x, you can use sysopen() instead of the "magic"
> perl open() to fix this.
>
> - todd
>
> --- resend Thu Aug 19 10:12:03 1999
> +++ resend+ Tue Dec 28 23:55:39 1999
> @@ -58,7 +58,7 @@
> if ($ARGV[0] =~ /^\@/) {
> $fn = shift(@ARGV);
> $fn =~ s/^@//;
> - open(AV, $fn) || die("open(AV, \"$fn\"): $!\nStopped");
> + sysopen(AV, $fn, O_RDONLY) || die("sysopen(AV, \"$fn\", O_RDONLY):
>$!\nStopped");
> undef($/); # set input field separator
> $av = <AV>; # read whole file into string
> close(AV);
>
