Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10 5/3/83; site linus.UUCP
Path: utzoo!linus!smk
From: smk@linus.UUCP (Steven M. Kramer)
Newsgroups: net.bugs.uucp
Subject: uucp security hole
Message-ID: <26938@linus.UUCP>
Date: Fri, 1-Jul-83 23:06:06 EDT
Article-I.D.: linus.26938
Posted: Fri Jul 1 23:06:06 1983
Date-Received: Sat, 2-Jul-83 01:54:47 EDT
Organization: MITRE Corp., Bedford MA
Lines: 33

If you don't want your system subverted, you may want to install this
in chkpth.c in uucp (the part is delimited by #ifdef MITRE):

	if (i >= Nbrusers) {
		if (*logname == '\0')
			u = Mchdef;
		else
			u = Logdef;
		if (u == NULL)
			return(FAIL);
	}
	/* found user name */
	p = u->us_path;

	/*  check for /../ in path name  */
	for (s = path; *s != '\0'; s++) {
#ifdef MITRE
		/*
		   Fix a //..// security hole, where UNIX ignores
		   second / in // but it gets you thru uucp.
		*/
		while (prefix ("//", s))
			s++;
#endif
		if (*s == '/' && prefix("../", (++s)))
			return(FAIL);
	}

	for (p = u->us_path; *p != NULL; p++)
		if (prefix(*p, path))
			return(0);
-- 
--steve kramer
	{allegra,genrad,ihnp4,utzoo,philabs,uw-beaver}!linus!smk	(UUCP)
	linus!smk@mitre-bedford						(ARPA)
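Added example, not part of the original post or of the uucp source: a stand-alone harness that runs the "/../" scan with and without the #ifdef MITRE lines, next to a component-wise check that generalizes the fix by treating any run of slashes as one separator. The names is_prefix, scan_check, component_check and the CHK_* codes are hypothetical, the end-of-string guard is an addition, and the sample path is constructed.

```c
#include <stdio.h>
#include <string.h>

enum { CHK_OK = 0, CHK_FAIL = -1 };   /* assumed stand-ins for uucp's return codes */

/* Stand-in for uucp's prefix(): true when pre is a prefix of s. */
static int is_prefix(const char *pre, const char *s)
{
    return strncmp(pre, s, strlen(pre)) == 0;
}

/* The "/../" scan from the post; mitre_fix enables the #ifdef MITRE lines. */
static int scan_check(const char *path, int mitre_fix)
{
    const char *s;
    for (s = path; *s != '\0'; s++) {
        if (mitre_fix)
            while (is_prefix("//", s))   /* move to the last '/' of a run */
                s++;
        if (*s == '/' && is_prefix("../", ++s))
            return CHK_FAIL;
        if (*s == '\0')                  /* added guard: path ended in '/' */
            break;
    }
    return CHK_OK;
}

/* Generalization: split on runs of '/' and reject any ".." component. */
static int component_check(const char *path)
{
    const char *s = path;
    while (*s != '\0') {
        size_t n;
        s += strspn(s, "/");             /* a run of slashes is one separator */
        n = strcspn(s, "/");
        if (n == 2 && s[0] == '.' && s[1] == '.')
            return CHK_FAIL;
        s += n;
    }
    return CHK_OK;
}

int main(void)
{
    const char *p = "/usr/spool/uucppublic//..//x";   /* constructed sample */
    printf("unpatched scan: %d\n", scan_check(p, 0));
    printf("MITRE scan:     %d\n", scan_check(p, 1));
    printf("component scan: %d\n", component_check(p));
    return 0;
}
```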