git: dma - Fix security hole
Matthew Dillon
dillon at crater.dragonflybsd.org
Fri Aug 5 00:20:55 PDT 2016
commit 3badf6b7e6f752ed69aba5481467cb80054add1c
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date: Fri Aug 5 00:18:07 2016 -0700
dma - Fix security hole
* dma makes an age-old mistake of not properly checking whether a file
owned by a user is a symlink or not, a bug which the original mail.local
also had.
* Add O_NOFOLLOW to disallow symlinks.
Thanks-to: BSDNow Episode 152, made me dive dma to check when they talked
about the mail.local bug.
Summary of changes:
libexec/dma/dma-mbox-create.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/3badf6b7e6f752ed69aba5481467cb80054add1c
--
DragonFly BSD source repository
More information about the Commits
mailing list