diff options
| -rw-r--r-- | mail/dma/Makefile | 2 | ||||
| -rw-r--r-- | mail/dma/files/fix-security-hole.patch | 34 |
2 files changed, 36 insertions, 0 deletions
diff --git a/mail/dma/Makefile b/mail/dma/Makefile index 195078c00dcd..e3c0aae6f124 100644 --- a/mail/dma/Makefile +++ b/mail/dma/Makefile @@ -3,6 +3,7 @@ PORTNAME= dma PORTVERSION= 0.11 +PORTREVISION= 1 DISTVERSIONPREFIX= v PORTEPOCH= 1 CATEGORIES= mail ipv6 @@ -31,6 +32,7 @@ MAKE_ENV= __MAKE_CONF=/dev/null SRCCONF=/dev/null NO_WERROR=defined \ USE_RC_SUBR= dma_flushq SUB_FILES= pkg-message +EXTRA_PATCHES= ${FILESDIR}/fix-security-hole.patch:-p1 # Allow subports to extend. CONFFILES+= dma.conf auth.conf diff --git a/mail/dma/files/fix-security-hole.patch b/mail/dma/files/fix-security-hole.patch new file mode 100644 index 000000000000..9efd7bd76985 --- /dev/null +++ b/mail/dma/files/fix-security-hole.patch @@ -0,0 +1,34 @@ +From f249aa412dd4a09881cb450390d1003815bd0013 Mon Sep 17 00:00:00 2001 +From: Zach Crownover <zachary.crownover@gmail.com> +Date: Fri, 5 Aug 2016 15:24:27 -0700 +Subject: [PATCH] dma - Fix security hole (#46) + +Affecting DragonFly 4.6 and earlier, Matt Dillon fixed this in base after +finding out from BSDNow Episode 152. Comments following were from his commit +which explains better than I. Just taking his change and putting it here as well. + +* dma makes an age-old mistake of not properly checking whether a file + owned by a user is a symlink or not, a bug which the original mail.local + also had. + +* Add O_NOFOLLOW to disallow symlinks. + +Thanks-to: BSDNow Episode 152, made me dive dma to check when they talked + about the mail.local bug. +--- + dma-mbox-create.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/dma-mbox-create.c b/dma-mbox-create.c +index 532a7af..45a4792 100644 +--- a/dma-mbox-create.c ++++ b/dma-mbox-create.c +@@ -142,7 +142,7 @@ main(int argc, char **argv) + logfail(EX_CANTCREAT, "cannot build mbox path for `%s/%s'", _PATH_MAILDIR, user); + } + +- f = open(fn, O_RDONLY|O_CREAT, 0600); ++ f = open(fn, O_RDONLY|O_CREAT|O_NOFOLLOW, 0600); + if (f < 0) + logfail(EX_NOINPUT, "cannt open mbox `%s'", fn); + |