[30769] in bugtraq
Re: possible open relay hole in qmail-smtpd-auth patch
daemon@ATHENA.MIT.EDU (Jonathan de Boyne Pollard)
Wed Jul 16 18:15:12 2003
To: bugtraq@securityfocus.com
From: Jonathan de Boyne Pollard <J.deBoynePollard@tesco.net>
Date: Wed, 16 Jul 2003 02:09:14 +0100
Message-ID: <3F14A5BA.1982DBAE@tesco.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Complaints-To: usenet@main.gmane.org
JS> i have written a revision to the qmail-smtpd-auth patch
JS> which compensates for this common error by not supporting
JS> the AUTH command unless all three command line arguments
JS> are present.
You've no guarantee that 3 is the correct number. An administrator might
decide to use
qmail-smtpd domain checkpassword /bin/echo Hello there.
rather than
qmail-smtpd domain checkpassword /bin/true
for example, just for the heck of it.
If you are about to assert that "The number of arguments is always going to be
exactly 3 because 'checkpassword' is always going to be given just the one
argument, '/bin/true'.", then I suggest that you consider taking that fact
into account in the design of your modified patch, and eliminate the scope for
variation in something that you are asserting is in fact intended to be
constant.
