smk@linus.UUCP (Steven M. Kramer) (07/02/83)
If you don't want your system subverted, you may want to install this in chkpth.c in uucp (the part is delimited by #ifdef MITRE): if (i >= Nbrusers) { if (*logname == '\0') u = Mchdef; else u = Logdef; if (u == NULL) return(FAIL); } /* found user name */ p = u->us_path; /* check for /../ in path name */ for (s = path; *s != '\0'; s++) { #ifdef MITRE /* Fix a //..// security hole, where UNIX ignores second / in // but it gets you thru uucp. */ while (prefix ("//", s)) s++; #endif if (*s == '/' && prefix("../", (++s))) return(FAIL); } for (p = u->us_path; *p != NULL; p++) if (prefix(*p, path)) return(0); -- --steve kramer {allegra,genrad,ihnp4,utzoo,philabs,uw-beaver}!linus!smk (UUCP) linus!smk@mitre-bedford (ARPA)