git: DragonFly_RELEASE_4_6 dma - Fix security hole

Matthew Dillon dillon at crater.dragonflybsd.org
Fri Aug 5 00:22:08 PDT 2016


commit 4b29b70210d665e58912070d3c58cd3cfe5ae120
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date:   Fri Aug 5 00:18:07 2016 -0700

    dma - Fix security hole
    
    * dma makes an age-old mistake of not properly checking whether a file
      owned by a user is a symlink or not, a bug which the original mail.local
      also had.
    
    * Add O_NOFOLLOW to disallow symlinks.
    
    Thanks-to: BSDNow Episode 152, made me dive dma to check when they talked
    	   about the mail.local bug.

Summary of changes:
 libexec/dma/dma-mbox-create.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/4b29b70210d665e58912070d3c58cd3cfe5ae120


-- 
DragonFly BSD source repository



More information about the Commits mailing list