Source-Changes-D archive
Re: CVS commit: src/usr.bin/mail
This is fully yours and who am I but
"Christos Zoulas" <christos%netbsd.org@localhost> wrote:
|Module Name: src
|Committed By: christos
|Date: Tue Dec 16 19:30:24 UTC 2014
|
|Modified Files:
| src/usr.bin/mail: cmd3.c extern.h fio.c mail.1 names.c send.c
|
|Log Message:
|Fix various security related issues:
|
| 0001. Do not recognize paths, mail folders, and pipes in mail addresses
| by default. That avoids a direct command injection with syntactically
| valid email addresses starting with |.
|
| Such addresses can be specified both on the command line, the mail
| headers (with -t) or in address lines copied over from previous
| while replying.
|Added expandaddr option to explicitly enable this behavior.
Why does a Christos Zoulas silently wave through this sloppily
programmed shit from oss-sec that simply returns from outof()
instead of giving any indication of what is going on?
Unbelievable.
--steffen
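
The default-deny handling described in the quoted commit message, with a diagnostic for each refused recipient, as an added C example that is not part of this thread and not NetBSD's mail(1) source. All function names are hypothetical, and the rules used to recognize folders and paths are assumptions; only the leading `|` rule and the `expandaddr` option name come from the commit message.

```c
#include <stdio.h>

/* Hypothetical names throughout; not taken from src/usr.bin/mail. */
enum addr_kind { ADDR_PLAIN, ADDR_PIPE, ADDR_FOLDER, ADDR_PATH };

/* Assumed rules: leading '|' is a pipe, leading '+' is a mail folder,
 * a '/' before any '@' is a file path; everything else is plain. */
static enum addr_kind classify_addr(const char *name)
{
	if (name[0] == '|')
		return ADDR_PIPE;
	if (name[0] == '+')
		return ADDR_FOLDER;
	for (const char *cp = name; *cp != '\0' && *cp != '@'; cp++)
		if (*cp == '/')
			return ADDR_PATH;
	return ADDR_PLAIN;
}

/* Compact names[] in place. Unless expandaddr is set, non-plain recipients
 * are dropped and each refusal is reported on err instead of being
 * skipped silently. Returns the count kept; *rejected gets the rest. */
static size_t filter_recipients(const char **names, size_t n,
    int expandaddr, FILE *err, size_t *rejected)
{
	static const char *const what[] = { "address", "pipe", "folder", "file path" };
	size_t kept = 0;
	*rejected = 0;
	for (size_t i = 0; i < n; i++) {
		enum addr_kind k = classify_addr(names[i]);
		if (k != ADDR_PLAIN && !expandaddr) {
			fprintf(err, "\"%s\": %s recipient refused (expandaddr not set)\n",
			    names[i], what[k]);
			(*rejected)++;
			continue;
		}
		names[kept++] = names[i];
	}
	return kept;
}

int main(void)
{
	/* Constructed sample recipients. */
	const char *to[] = { "alice@example.org", "|some-command", "+sent", "/tmp/copy" };
	size_t bad, kept = filter_recipients(to, 4, 0, stderr, &bad);
	printf("kept %zu, refused %zu\n", kept, bad);
	return 0;
}
```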