git: dma - Fix security hole

Matthew Dillon dillon at crater.dragonflybsd.org
Fri Aug 5 00:20:55 PDT 2016


commit 3badf6b7e6f752ed69aba5481467cb80054add1c
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date:   Fri Aug 5 00:18:07 2016 -0700

    dma - Fix security hole
    
    * dma makes an age-old mistake of not properly checking whether a file
      owned by a user is a symlink or not, a bug which the original mail.local
      also had.
    
    * Add O_NOFOLLOW to disallow symlinks.
    
    Thanks-to: BSDNow Episode 152, made me dive dma to check when they talked
    	   about the mail.local bug.

Summary of changes:
 libexec/dma/dma-mbox-create.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/3badf6b7e6f752ed69aba5481467cb80054add1c


-- 
DragonFly BSD source repository



More information about the Commits mailing list