[crow at kapu.hu: Re: lil' exim format bug]

Adam Szilveszter sziszi at bsd.hu
Tue, 12 Jun 2001, 20:06:57 CEST


Hi!

Exim admins, beware. I think the version in FreeBSD ports already seems
to be fixed. (At least they messed around with it an above-average amount
today and yesterday.)

BTW, does anyone know these guys?

Regards,
Sz.
----- Forwarded message from Foldi Tamas <crow at kapu.hu> -----

Subject: Re: lil' exim format bug
From: Foldi Tamas <crow at kapu.hu>
To: bugtraq at securityfocus.com
Cc: lez at sch.bme.hu
X-Mailer: Evolution/0.10 (Preview Release)
Date: 12 Jun 2001 11:45:34 +0200

Hi Bugtraqers,

All of the downloadable versions are still buggy, and I can't understand
why it recommends the main-main-developer to paste '%s' into the
source code.

The following patch should work against this ugly format bug:

--- accept.c.orig       Tue Jun 12 11:33:01 2001
+++ accept.c    Tue Jun 12 11:33:38 2001
@@ -2503,7 +2503,7 @@
   nothing on success. The function moan_smtp_batch() does not return -
   it exits from the program with a non-zero return code. */

-  else if (smtp_reply != NULL) moan_smtp_batch(NULL, smtp_reply);
+  else if (smtp_reply != NULL) moan_smtp_batch(NULL, "%s", smtp_reply);
   }

/* Reset headers so that logging of rejects for a subsequent message
doesn't
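
Review bot: Only the one call on the `+` line is fixed; any other call to moan_smtp_batch() that passes a non-literal string as its format argument still has the same format-string problem, so every call site in the tree should be checked before this is treated as a complete fix. If the compiler in use supports a printf-style format attribute, declaring moan_smtp_batch() with it would make such calls show up as warnings. Separately, the last context line of the hunk has been wrapped by the mail client ("message" on one line, "doesn't" on the next), so the patch as posted may not apply cleanly; sending it as an attachment would avoid that.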


><sarcasm>
>Why, thank you for letting Philip Hazel (who is on holiday right now)
>get a patched version out before announcing this to bugtraq.
></sarcasm> 

At the moment, we know of another 'ugly' bug in the exim main code, but
because of your tone it's not published. I can't understand why you
use this tone against people who audit your shitty code, which has some
errors in it.

>> /etc/exim.conf should have an option set: 
>
>This is not the default name or location for the exim config file. 
>> lez:~$ /usr/sbin/exim -bS 

These values are defaults in most linuxes. 


> and no one with sense runs an MTA as root, and the exim security
> information strongly suggests you do not. 
>
> On my relays the MTA runs as root only once at boot time to bind to 
> port 25 and is not suid root. Yes, this looks like a real problem but
> it should also serve as a good time to check that as little as
> possible runs as root. 

On default linuxes exim is installed with setuid root. We are speaking about
the default install. The exim main source code has a lot of setuid() calls,
so it's developed for root usage also.

-- 
. . _ __ ______________________________________________________ __ _ . .
Foldi Tamas - We Are The Hashmark In The Rootshell - Security Consultant
   crow at kapu.hu - PGP: finger://crow@thot.banki.hu - (+3630) 221-7477 


----- End forwarded message -----

-- 
-------------------------------------------------------------------------------
* Adam Szilveszter * JATE Szeged * email: sziszi at petra.hos.u-szeged.hu *
* Homepage: none * alternative email: sziszi at bsd.hu *
* PGP key: finger the address sziszi at petra.hos.u-szeged.hu! *
* FreeBSD: a cleaner, drier, safer feeling...! *


