[1604] in bugtraq


Re: SUMMARY: AntiFlash talkd

daemon@ATHENA.MIT.EDU (Marek Michalkiewicz)
Tue Apr 25 10:39:59 1995

From: Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl>
To: ra@rhi.hi.is (Richard Allen)
Date: Tue, 25 Apr 1995 13:40:29 +0200 (MET DST)
Cc: bugtraq@fc.net
In-Reply-To: <199504241103.LAA08203@strympa.rhi.hi.is> from "Richard Allen" at Apr 24, 95 11:03:11 am

> Shortly after I sent my request to bugtraq, I got an idea to look around
> on my local Linux mirror and found "talkd+antiflash+hatemail.tar.gz"
> which basically filters out flashes and then sends automatic 'hatemail' to
> root@remote.site

Be careful - the hatemail feature has a security hole.  Apply this patch:

--- process.c.orig	Mon Jan 16 06:07:52 1995
+++ process.c	Tue Apr 25 13:04:58 1995
@@ -167,8 +167,10 @@
              char sys_buf[150];
              caller_host=hp->h_name;
 
+#if 0  /* security problem */
              sprintf(sys_buf,"/etc/flash.mail %s",caller_host);
              system(sys_buf);
+#endif
           }
           else
             caller_host="unknown";
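
Review bot: the `#if 0` around the sprintf()/system() pair leaves both unsafe lines in process.c, so removing the guard later brings the problem straight back. I would delete the two lines outright, or replace them with a bounded format of caller_host and an exec of /etc/flash.mail that does not go through a shell. caller_host is taken from hp->h_name, so it needs a length and character check before it is used as an argument anywhere. With the block disabled, `char sys_buf[150];` is declared but never used and can be dropped as well.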

You can see two problems here: sprintf() and system().  Guess what happens
if the DNS name is too long or contains some command in back quotes...

> However, I ran into problems compiling it on our HP9000's, Linux
> apparently has a '<protocols/talkd.h>' in its system includes.

Yes, it has.  Mail me if you need a copy.

Regards,
-- Marek Michalkiewicz <marekm@i17linuxa.ists.pwr.wroc.pl>
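
The two problems named in the message above (an unbounded sprintf() into sys_buf[150] and a DNS-supplied name handed to system()) can both be avoided by validating the name and running the helper without a shell. This is an added example, not part of the original post or of the talkd package; the function names is_safe_hostname and run_mail_helper and the 255-character limit are assumptions made for illustration.

```c
/* Added example: function names and MAX_HOST_LEN are hypothetical. */
#include <ctype.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_HOST_LEN 255  /* assumed upper bound on a host name's length */

/* Return 1 only if host is non-empty, bounded, made of letters, digits,
 * '-' and '.', and does not start with '-' (so the helper can never
 * mistake it for an option). Everything else is rejected. */
int is_safe_hostname(const char *host)
{
    size_t i, len;

    if (host == NULL)
        return 0;
    len = strlen(host);
    if (len == 0 || len > MAX_HOST_LEN || host[0] == '-')
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)host[i];
        if (!isalnum(c) && c != '-' && c != '.')
            return 0;
    }
    return 1;
}

/* Run helper with host as its single argument: no shell, no fixed-size
 * command buffer. Returns the helper's exit status (127 if exec failed),
 * or -1 if the name is rejected or fork/wait fails. */
int run_mail_helper(const char *helper, const char *host)
{
    pid_t pid;
    int status;

    if (!is_safe_hostname(host))
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)helper, (char *)host, NULL };
        execv(helper, argv);
        _exit(127);  /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

Because the name reaches the helper as one argv entry, shell metacharacters in it are never interpreted, and no buffer has to be sized for it.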
