From owner-freebsd-security Wed Jul 29 09:31:16 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA27712 for freebsd-security-outgoing; Wed, 29 Jul 1998 09:31:16 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from lariat.lariat.org (ppp1000.lariat.org@[206.100.185.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA27702 for ; Wed, 29 Jul 1998 09:31:12 -0700 (PDT) (envelope-from brett@lariat.org) Received: (from brett@localhost) by lariat.lariat.org (8.8.8/8.8.8) id KAA11022; Wed, 29 Jul 1998 10:30:32 -0600 (MDT) Message-Id: <199807291630.KAA11022@lariat.lariat.org> X-Sender: brett@mail.lariat.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0.1 Date: Wed, 29 Jul 1998 10:24:53 -0600 To: andrew@squiz.co.nz From: Brett Glass Subject: Re: Any procmail experts here? Cc: security@FreeBSD.ORG In-Reply-To: References: <199807290301.VAA28924@lariat.lariat.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Wow.... That means invoking both procmail AND Perl on every message. Not such a good idea on a busy mail server. (And, of course, Perl will recompile the regex each and every time it executes.) How could one avoid this? --Brett At 06:50 PM 7/29/98 +1200, Andrew McNaughton wrote: > >:0 hfw >* ^Content-disposition: >| /usr/local/bin/perl -pe 's/^(Content-Disposition:.{80}).*/$1/i' > >It's a little rough, but should work, Improvement is a perl regex problem >rather than a procmail one. > >Andrew McNaughton > > >On Tue, 28 Jul 1998, Brett Glass wrote: > >> Date: Tue, 28 Jul 1998 21:01:06 -0600 >> From: Brett Glass >> To: security@FreeBSD.ORG >> Subject: Re: Any procmail experts here? >> >> Whoops.... As many of you have doubtless already noted, the header >> we need to catch is >> >> Content-Disposition: attachment; filename="" >> >> --Brett >> >> At 07:59 PM 7/28/98 -0600, Brett Glass wrote: >> >> >We have dozens of users who might get bit by the MIME filename buffer >> >overflow bug described at >> > >> >http://www.sjmercury.com/business/microsoft/docs/security0728.htm >> > >> >and would like to try to use procmail to plug the hole (it seems to be the >> >best tool for the job). However, I have no experience with procmail. Could >> >someone help me write a procmail.rc that will eliminate the extra-long >> >filenames, truncating them back to (say) 64 characters max? All that's >> >required is to recognize the Content-type: .... filename="" header >> >and make sure that is chopped if it's too long. >> > >> >This would be a fix for which thousands of sysadmins would be exceedinglyy >> >grateful. >> > >> >--Brett >> > >> > >> >To Unsubscribe: send mail to majordomo@FreeBSD.org >> >with "unsubscribe security" in the body of the message >> > >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> with "unsubscribe security" in the body of the message >> > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message