CVSROOT: /cvs Module name: src Changes by: gil...@cvs.openbsd.org 2015/10/01 18:37:53
Modified files:
usr.sbin/smtpd : smtpd.c
Log message:
prevent users from playing hardlink/symlink/mkfifo games with their offline
messages and ~/.forward files. this allowed a local user to hang smtpd or
even reset chflags and read first line of any arbitrary file.
while at it, do not fatal() on unexpected cause of SIGCHLD as this allows a
specially crafted mda to cause smtpd to exit.
reporte by Qualys Security
