From a392fe0bdb7081117c445f5dcc98d5ed4013dc17 Mon Sep 17 00:00:00 2001 From: peter Date: Thu, 25 Nov 1999 18:03:05 +0000 Subject: [PATCH] Apply the sendmail 8.9.3 denial-of-service patch which prevents untrusted users from running newaliases. (This is to protect aliases.db against truncation). PR: 15088 --- contrib/sendmail/src/main.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/contrib/sendmail/src/main.c b/contrib/sendmail/src/main.c index cea9d158d711..cb6fd57e44c0 100644 --- a/contrib/sendmail/src/main.c +++ b/contrib/sendmail/src/main.c @@ -984,6 +984,18 @@ main(argc, argv, envp) usrerr("Permission denied"); finis(FALSE, EX_USAGE); } + if (OpMode == MD_INITALIAS && + RealUid != 0 && + RealUid != TrustedUid && + !wordinclass(RealUserName, 't')) + { + if (LogLevel > 1) + sm_syslog(LOG_ALERT, NOQID, + "user %d attempted to rebuild the alias map", + RealUid); + usrerr("Permission denied"); + finis(FALSE, EX_USAGE); + } if (MeToo) BlankEnvelope.e_flags |= EF_METOO;