Date: Wed, 28 Nov 2001 13:58:00 -0800 (PST) From: Maxim Sobolev <sobomax@FreeBSD.org> To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: projects/mfcns/handler MFCns_handler.py Message-ID: <200111282158.fASLw0321528@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
sobomax 2001/11/28 13:58:00 PST
Modified files:
mfcns/handler MFCns_handler.py
Log:
Redesing previous fix for a potential vulnerability:
- Remove overly restrictions on the format of the mail address;
- eliminate the hole by initialising Popen4() object with a list
instead of string that ensures that arguments are passed
directly to the execve() without any /bin/sh mediation.
Revision Changes Path
1.12 +1 -8 projects/mfcns/handler/MFCns_handler.py
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200111282158.fASLw0321528>