salkind (11/03/82)
There is a rather serious security glitch in delivermail that allows you to send mail messages to arbitrary files. Here is a quick patch: *** /usr/src/cmd/delivermail/deliver.c.bak Tue Apr 14 11:03:12 1981 --- /usr/src/cmd/delivermail/deliver.c Wed Nov 3 13:59:57 1982 *************** *** 754,759 auto long tim; extern char *ctime(); f = fopen(filename, "a"); if (f == NULL) return (EX_CANTCREAT); --- 754,761 ----- auto long tim; extern char *ctime(); + if (access(filename, 2) < 0) + return (EX_CANTCREAT); f = fopen(filename, "a"); if (f == NULL) return (EX_CANTCREAT); ----- Lou
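Review bot: the added access(filename, 2) test followed by fopen(filename, "a") is a check-then-open on a path name, so the file that passed the check and the file that gets appended to can differ if the path is changed between the two calls. Opening the file under the invoking user's own identity, or validating the opened descriptor with fstat() rather than re-using the name, would close that window. The check also fails when filename does not exist yet, so delivery to a new file now returns EX_CANTCREAT where fopen(filename, "a") alone would have created it; if that is intended, a comment should say so. The literal 2 would read better as a named write-permission constant or with a short comment.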