Apply the sendmail 8.9.3 denial-of-service patch which prevents untrusted

users from running newaliases. (This is to protect aliases.db against truncation). PR: 15088
svn path=/vendor/sendmail/dist/; revision=53696
1999-11-25 18:03:05 +00:00 · 1999-11-25 18:03:05 +00:00 · b518ca7de5 · 2020-12-20 02:59:44 +00:00
commit b518ca7de5
parent 2e43090e08
1 changed files with 12 additions and 0 deletions
--- a/contrib/sendmail/src/main.c
+++ b/contrib/sendmail/src/main.c
@ -984,6 +984,18 @@ main(argc, argv, envp)
 		usrerr("Permission denied");
 		finis(FALSE, EX_USAGE);
 	}
+	if (OpMode == MD_INITALIAS &&
+	    RealUid != 0 &&
+	    RealUid != TrustedUid &&
+	    !wordinclass(RealUserName, 't'))
+	{
+		if (LogLevel > 1)
+			sm_syslog(LOG_ALERT, NOQID,
+				  "user %d attempted to rebuild the alias map",
+				  RealUid);
+ 		usrerr("Permission denied");
+ 		finis(FALSE, EX_USAGE);
+ 	}

 	if (MeToo)
 		BlankEnvelope.e_flags |= EF_METOO;