Date: Wed, 29 Jul 1998 18:07:33 -0600 From: Brett Glass <brett@lariat.org> To: Gregory Sutter <gsutter@pobox.com>, freebsd-security@FreeBSD.ORG Subject: Re: procmail workaround for MIME filename overflow exploit Message-ID: <199807300007.SAA18937@lariat.lariat.org> In-Reply-To: <19980729145556.C16073@notabene.zer0.org> References: <199807291946.NAA14449@lariat.lariat.org> <199807291946.NAA14449@lariat.lariat.org>
index | next in thread | previous in thread | raw e-mail
At 02:55 PM 7/29/98 -0700, Gregory Sutter wrote: >Brett, > >John's recipe has the same problem as Andrew McNaughton's proposed >solution -- it invokes perl. As far as I can see, it invokes Perl only if a potential exploit is recognized.... Hopefully, a rare event. John's original recipe DOES have the problem that it doesn't handle varying amounts of whitespace between items, or tabs rather than spaces as whitespace. I've mentioned this to John and I expect he'll update his recipes (he has several relating to MIME). --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the messagehome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199807300007.SAA18937>