Date: Tue, 28 Jul 1998 21:01:06 -0600 From: Brett Glass <brett@lariat.org> To: security@FreeBSD.ORG Subject: Re: Any procmail experts here? Message-ID: <199807290301.VAA28924@lariat.lariat.org> In-Reply-To: <199807290159.TAA26543@lariat.lariat.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Whoops.... As many of you have doubtless already noted, the header we need to catch is Content-Disposition: attachment; filename="<verylogname>" --Brett At 07:59 PM 7/28/98 -0600, Brett Glass wrote: >We have dozens of users who might get bit by the MIME filename buffer >overflow bug described at > >http://www.sjmercury.com/business/microsoft/docs/security0728.htm > >and would like to try to use procmail to plug the hole (it seems to be the >best tool for the job). However, I have no experience with procmail. Could >someone help me write a procmail.rc that will eliminate the extra-long >filenames, truncating them back to (say) 64 characters max? All that's >required is to recognize the Content-type: .... filename="<name>" header >and make sure that <name> is chopped if it's too long. > >This would be a fix for which thousands of sysadmins would be exceedinglyy >grateful. > >--Brett > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199807290301.VAA28924>