projects / exim.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4a04fa7) | patch
Protect against symlink attacks on MBX lockfile in /tmp as best we can:
authorPhil Pennock <pdp@exim.org>
Sat, 29 May 2010 12:11:48 +0000 (12:11 +0000)
committerPhil Pennock <pdp@exim.org>
Sat, 29 May 2010 12:11:48 +0000 (12:11 +0000)
commitbf83d8d38bc9a0f3b3574eb6641b619e68d7a796
treec31e26e2f5b18f197c1dd6e797a06ccd25cfe27dtree | snapshot (zip tar.gz)
parent4a04fa7acf04ef208814ea62e0372e4f93dd30bdcommit | diff
Protect against symlink attacks on MBX lockfile in /tmp as best we can:
 * if system supports O_NOFOLLOW, use it, protection complete
 * else detect the attack "too late" and abort, where at worst an empty file
   has been created as the attacked user
Our hands are tied by not changing the locking algorithm.

fixes: bug #989
src/src/exim_lock.c diff | blob | blame | history
src/src/transports/appendfile.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.