git: DragonFly_RELEASE_4_6 dma - Fix security hole
Matthew Dillon
dillon at crater.dragonflybsd.org
Fri Aug 5 00:22:08 PDT 2016
commit 4b29b70210d665e58912070d3c58cd3cfe5ae120
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date: Fri Aug 5 00:18:07 2016 -0700
dma - Fix security hole
* dma makes an age-old mistake of not properly checking whether a file
owned by a user is a symlink or not, a bug which the original mail.local
also had.
* Add O_NOFOLLOW to disallow symlinks.
Thanks-to: BSDNow Episode 152, made me dive dma to check when they talked
about the mail.local bug.
Summary of changes:
libexec/dma/dma-mbox-create.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/4b29b70210d665e58912070d3c58cd3cfe5ae120
--
DragonFly BSD source repository
More information about the Commits
mailing list