smk@linus.UUCP (Steven M. Kramer) (07/02/83)
If you don't want your system subverted, you may want to install this
fix in chkpth.c in uucp (the new part is the code between #ifdef MITRE and #endif):
/* Excerpt from the path check in chkpth.c: choose the permission entry to
 * apply, refuse paths containing "/../", then accept the path only if it
 * begins with one of that entry's allowed prefixes.
 * NOTE(review): the lookup that sets i and u, and whatever follows the last
 * loop, are outside this excerpt. */
/* i >= Nbrusers presumably means no per-user entry matched (confirm against
 * the lookup loop); fall back to Mchdef when logname is empty, else Logdef. */
if (i >= Nbrusers) {
if (*logname == '\0')
u = Mchdef;
else
u = Logdef;
/* no default entry to fall back on: refuse */
if (u == NULL)
return(FAIL);
}
/* found user name */
/* NOTE(review): p is assigned again by the initializer of the final loop
 * before it is read anywhere in this excerpt, so this line looks redundant. */
p = u->us_path;
/* check for /../ in path name */
/* Without this check a path could start with an allowed prefix and still
 * climb out of it through "..", since the comparison below looks only at
 * the start of the string. */
for (s = path; *s != '\0'; s++) {
#ifdef MITRE
/* Fix a //..// security hole, where UNIX ignores
second / in // but it gets you thru uucp.
While s points at two consecutive slashes, advance, so that s is left on
the last slash of a run and the "/../" test below starts from there.
(Assumes prefix(a, b) reports whether string b begins with a -- confirm.) */
while (prefix ("//", s))
s++;
#endif
/* The ++s steps past the slash before comparing, and the loop's own s++
 * then steps once more, so the character directly after a slash is never
 * itself tested as a slash. Without the MITRE block that is how the second
 * '/' of "//" escaped the check.
 * NOTE(review): if path ends in '/', ++s lands on the terminating NUL and
 * the loop's s++ moves one byte past it before *s is read again; this looks
 * like an over-read and wants a guard -- confirm.
 * NOTE(review): the pattern requires a '/' after "..", so a path whose last
 * component is ".." does not appear to be rejected here; verify whether the
 * path is normalised before it reaches this code. */
if (*s == '/' && prefix("../", (++s)))
return(FAIL);
}
/* Walk the NULL-terminated us_path list and return 0 (presumably "allowed")
 * as soon as path begins with one of its entries.
 * NOTE(review): if prefix() is a plain string comparison, an entry stored
 * without a trailing '/' would also match sibling names that merely begin
 * with the same characters -- confirm how entries are stored. */
for (p = u->us_path; *p != NULL; p++)
if (prefix(*p, path))
return(0);
--
--steve kramer
{allegra,genrad,ihnp4,utzoo,philabs,uw-beaver}!linus!smk (UUCP)
linus!smk@mitre-bedford (ARPA)