Re: CVS commit: src/usr.bin/mail

2018-05-23 Thread Christos Zoulas
In article <20180523065522.ga18...@homeworld.netbsd.org>,
  wrote:
>You don't get to sneak a controversial change by omitting a real commit
>message.

το λακωνίζειν εστί φιλοσοφείν (to be laconic is to philosophize)

christos



Re: CVS commit: src/usr.bin/mail

2018-05-23 Thread maya
You don't get to sneak a controversial change by omitting a real commit
message.

On Tue, May 22, 2018 at 09:03:47PM -0400, Christos Zoulas wrote:
> Module Name:  src
> Committed By: christos
> Date: Wed May 23 01:03:46 UTC 2018
> 
> Modified Files:
>   src/usr.bin/mail: Makefile mail.1
> 
> Log Message:
> Remove Mail
> 
> 
> To generate a diff of this commit:
> cvs rdiff -u -r1.36 -r1.37 src/usr.bin/mail/Makefile
> cvs rdiff -u -r1.63 -r1.64 src/usr.bin/mail/mail.1
> 
> Please note that diffs are not public domain; they are subject to the
> copyright notices on the relevant files.
> 

> Modified files:
> 
> Index: src/usr.bin/mail/Makefile
> diff -u src/usr.bin/mail/Makefile:1.36 src/usr.bin/mail/Makefile:1.37
> --- src/usr.bin/mail/Makefile:1.36Sat Jul  5 15:22:04 2014
> +++ src/usr.bin/mail/Makefile Tue May 22 21:03:46 2018
> @@ -1,4 +1,4 @@
> -#$NetBSD: Makefile,v 1.36 2014/07/05 19:22:04 dholland Exp $
> +#$NetBSD: Makefile,v 1.37 2018/05/23 01:03:46 christos Exp $
>  #@(#)Makefile8.3 (Berkeley) 4/20/95
>  
>  .include 
> @@ -26,8 +26,8 @@ SRCS=   version.c support.c cmd1.c cmd2.c 
>   dotlock.c edit.c fio.c format.c getname.c head.c v7.local.c lex.c \
>   list.c main.c names.c popen.c quit.c send.c sig.c strings.c temp.c \
>   tty.c vars.c
> -LINKS=   ${BINDIR}/mail ${BINDIR}/Mail ${BINDIR}/mail ${BINDIR}/mailx
> -MLINKS=  mail.1 Mail.1 mail.1 mailx.1
> +LINKS=   ${BINDIR}/mail ${BINDIR}/mailx
> +MLINKS=  mail.1 mailx.1
>  
>  LDADD+=  -lutil
>  DPADD+=  ${LIBUTIL}
> 
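Review bot: dropping the ${BINDIR}/Mail link and the Mail.1 MLINK changes what an upgraded system ends up with, but neither this hunk nor the one-line log message "Remove Mail" records why the name goes away or what happens to Mail and Mail.1 links left behind by earlier builds; suggest a log message that states the rationale and a check that the build's obsolete-file handling has a matching entry so the stale links are cleaned up rather than silently orphaned.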
> Index: src/usr.bin/mail/mail.1
> diff -u src/usr.bin/mail/mail.1:1.63 src/usr.bin/mail/mail.1:1.64
> --- src/usr.bin/mail/mail.1:1.63  Mon Jul  3 17:34:20 2017
> +++ src/usr.bin/mail/mail.1   Tue May 22 21:03:46 2018
> @@ -1,4 +1,4 @@
> -.\"  $NetBSD: mail.1,v 1.63 2017/07/03 21:34:20 wiz Exp $
> +.\"  $NetBSD: mail.1,v 1.64 2018/05/23 01:03:46 christos Exp $
>  .\"
>  .\" Copyright (c) 1980, 1990, 1993
>  .\"  The Regents of the University of California.  All rights reserved.
> @@ -29,13 +29,12 @@
>  .\"
>  .\"  @(#)mail.1  8.8 (Berkeley) 4/28/95
>  .\"
> -.Dd December 15, 2014
> +.Dd May 22, 2018
>  .Dt MAIL 1
>  .Os
>  .Sh NAME
>  .Nm mail ,
> -.Nm mailx ,
> -.Nm Mail
> +.Nm mailx
>  .Nd send and receive mail
>  .Sh SYNOPSIS
>  .Nm
> @@ -2299,11 +2298,14 @@ originally written by Kurt Shoens.
>  There are some flags and commands that are not documented here.
>  Most are not useful to the general user.
>  .Pp
> -Usually,
> +Historically,
>  .Nm
> -is just a link to
> +was just a link to
>  .Nm Mail ,
> -which can be confusing.
> +which was confusing.
> +.Nm Mail
> +has been removed in
> +.Nx 9 .
>  .Pp
>  The name of the
>  .Ic alternates
> 
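Review bot: the new paragraph tells the reader that .Nm Mail "has been removed" but not what to call instead; since the Makefile hunk keeps the ${BINDIR}/mailx link, suggest adding a sentence after ".Nx 9 ." such as "Scripts that invoked .Nm Mail should use .Nm mail or .Nm mailx instead.", so existing callers of the removed name have a documented migration path.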



Re: CVS commit: src/usr.bin/mail

2014-12-17 Thread Christos Zoulas
In article 20141217131849.r2prgpje%sdao...@yandex.com,
Steffen Nurpmeso  sdao...@yandex.com wrote:
This is fully yours and who am i but

 |Added expandaddr option to explicitly enable this behavior.

why does a Christos Zoulas silently wave through this sloppy
programmed shit from oss-sec that simply returns from outof()
instead of giving any indication on what is going on?
Unbelievable.

All you have to do is to set a variable to get the previous behavior,
and this is now documented. It is unexpected behavior that a mail
program can run commands on behalf of the user using special syntax.
Just a few weeks ago, we fixed a similar issue in ftp. Why didn't you
complain for that?

I believe that all maintained versions of mail upstream are being
adjusted to comply with this. What's the downside?

Or are you sure that everything that passes addresses to the mail
program command line sanitizes their addresses properly?

christos
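
The question above, whether everything that passes addresses to the mail program command line sanitizes them, from the caller's side, as an added example that is not NetBSD code: a small C validator in the spirit of the "first cgi script" that rejects the pipe, file and folder address forms (and shell metacharacters) before a recipient reaches mail(1), and then invokes mail(1) with an explicit argument vector rather than through a shell. The metacharacter list, the length limit, the /usr/bin/mail path and the `-s` usage are assumptions for this example.

```c
/* Added example, not part of NetBSD's usr.bin/mail: validate a recipient
 * before handing it to mail(1), and run mail(1) without a shell in between. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Characters that have no business in an address passed to another program.
 * The list is an assumption for this example and deliberately conservative. */
static const char SHELL_META[] = "|&;<>()$`\\\"' \t\n*?[]{}~!#";

/* Return 1 if addr looks like a plain mailbox (local user or user@domain),
 * 0 otherwise.  The leading '|' (pipe), '/' (file) and '+' (folder) forms are
 * exactly what the commit above stops mail(1) from honouring by default;
 * a leading '-' is rejected so the address cannot be parsed as an option. */
int safe_recipient(const char *addr)
{
    size_t len, i;
    const char *at;

    if (addr == NULL)
        return 0;
    len = strlen(addr);
    if (len == 0 || len > 254)              /* 254 is an assumed upper bound */
        return 0;
    if (addr[0] == '|' || addr[0] == '/' || addr[0] == '+' || addr[0] == '-')
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)addr[i];
        if (!isprint(c) || strchr(SHELL_META, c) != NULL)
            return 0;
    }
    /* at most one '@', and if present it must have text on both sides */
    at = strchr(addr, '@');
    if (at != NULL && (at == addr || at[1] == '\0' || strchr(at + 1, '@') != NULL))
        return 0;
    return 1;
}

/* Run mail(1) with an argument vector; the address never reaches a shell.
 * Returns the child's exit status, or -1 if the address was rejected or the
 * process could not be started.  Assumes mail(1) lives at /usr/bin/mail. */
int send_mail(const char *to, const char *subject, const char *body)
{
    int fds[2], status;
    pid_t pid;
    ssize_t w;

    if (!safe_recipient(to) || pipe(fds) == -1)
        return -1;
    pid = fork();
    if (pid == -1)
        return -1;
    if (pid == 0) {
        dup2(fds[0], STDIN_FILENO);         /* body arrives on stdin */
        close(fds[0]);
        close(fds[1]);
        execl("/usr/bin/mail", "mail", "-s", subject, to, (char *)NULL);
        _exit(127);                         /* exec failed */
    }
    close(fds[0]);
    w = write(fds[1], body, strlen(body));  /* assumes a short body */
    (void)w;
    close(fds[1]);
    if (waitpid(pid, &status, 0) == -1)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* constructed sample inputs, as a CGI script might receive them */
    const char *samples[] = { "user@example.org", "root", "|cat",
                              "/tmp/out", "+inbox", "-s", "a@b@c" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-20s %s\n", samples[i],
               safe_recipient(samples[i]) ? "accept" : "reject");
    return 0;
}
```

The validator is the part worth keeping regardless of expandaddr: it refuses the forms that mail(1) would otherwise expand, and the argv-based invocation means that even a string which slips past it is at worst a bad address, never a command line.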



Re: CVS commit: src/usr.bin/mail

2014-12-17 Thread Steffen Nurpmeso
This is fully yours and who am i but

Christos Zoulas chris...@netbsd.org wrote:
 |Module Name:  src
 |Committed By: christos
 |Date: Tue Dec 16 19:30:24 UTC 2014
 |
 |Modified Files:
 | src/usr.bin/mail: cmd3.c extern.h fio.c mail.1 names.c send.c
 |
 |Log Message:
 |Fix various security related issues:
 |
 |0001. Do not recognize paths, mail folders, and pipes in mail addresses
 |by default.  That avoids a direct command injection with syntactically
 |valid email addresses starting with |.
 |
 |Such addresses can be specified both on the command line, the mail
 |headers (with -t) or in address lines copied over from previous
 |while replying.

 |Added expandaddr option to explicitly enable this behavior.

why does a Christos Zoulas silently wave through this sloppy
programmed shit from oss-sec that simply returns from outof()
instead of giving any indication on what is going on?
Unbelievable.

--steffen


Re: CVS commit: src/usr.bin/mail

2014-12-17 Thread Christos Zoulas
In article 20141217142550.ne2degkj%sdao...@yandex.com,
Steffen Nurpmeso  sdao...@yandex.com wrote:

No, of course not -- except that validate user input screams
from every wall.  Maybe i'm just disappointed.  But any
environment that passes a string that includes shell meta
characters through to whatever else seems broken.  Tomorrow BSD
Mail / POSIX mailx(1) get a CVE for QoS attacks because of passing
through malformed addresses to MTAs that lead to nowhere but cause
several process lifetimes and log entries...  That doesn't seem
right.

It is to protect the innocent. Consider someone writing his first
cgi script and wants to add mail functionality :-) Perhaps as people
claimed mail/mailx is beyond hope...

christos



Re: CVS commit: src/usr.bin/mail

2014-12-17 Thread Steffen Nurpmeso
chris...@astron.com (Christos Zoulas) wrote:
 |In article 20141217131849.r2prgpje%sdao...@yandex.com,
 |Steffen Nurpmeso  sdao...@yandex.com wrote:
 |This is fully yours and who am i but
 |
 ||Added expandaddr option to explicitly enable this behavior.
 |
 |why does a Christos Zoulas silently wave through this sloppy
 |programmed shit from oss-sec that simply returns from outof()
 |instead of giving any indication on what is going on?
 |Unbelievable.
 |
 |All you have to do is to set a variable to get the previous behavior,
 |and this is now documented. It is unexpected behavior that a mail
 |program can run commands on behalf of the user using special syntax.
 |Just a few weeks ago, we fixed a similar issue in ftp. Why didn't you
 |complain for that?

ftp is completely beyond my horizon except for open/close/mreget.
What is expected behaviour.  But yes it is better if there are
ways to disable it, i also see this now.

 |I believe that all maintained versions of mail upstream are being
 |adjusted to comply with this. What's the downside?

It seems i'm the last.  Missing checks, complete silence, no
report at all, e.g. exit status.  Bad programs.

 |Or are you sure that everything that passes addresses to the mail
 |program command line sanitizes their addresses properly?

No, of course not -- except that validate user input screams
from every wall.  Maybe i'm just disappointed.  But any
environment that passes a string that includes shell meta
characters through to whatever else seems broken.  Tomorrow BSD
Mail / POSIX mailx(1) get a CVE for QoS attacks because of passing
through malformed addresses to MTAs that lead to nowhere but cause
several process lifetimes and log entries...  That doesn't seem
right.

--steffen


Re: CVS commit: src/usr.bin/mail

2013-01-03 Thread Christos Zoulas
In article 20130104015455.d9d3e17...@cvs.netbsd.org,
Christos Zoulas source-changes-d@NetBSD.org wrote:

Module Name:   src
Committed By:  christos
Date:  Fri Jan  4 01:54:55 UTC 2013

Modified Files:
   src/usr.bin/mail: mime_attach.c

Log Message:
PR/47396: Steffen: mail(1) may falsely use quoted-printable for files with
embedded NULs

Log message fixed on cvs.

christos