v2.108 Released May 07, 2001 17:10 (PST)
- try to avoid deadlock in LogBounces() by setting a timeout on
the OpenDB() call
- add config parameter "umask"
[suggested by gshapiro@gshapiro.net]
- don't set Reply-To: header in NewPending()
[suggested by gshapiro@gshapiro.net]
- "mailqueue" is now restricted by the "memberlist" command
[suggested by gshapiro@gshapiro.net]
- make use of the "domain" setting on preselected lists using the
mail interface
[requested by gshapiro@gshapiro.net]
- trim spaces off of possible signature terminators in
IdentifyMessage()
[suggested by gshapiro@gshapiro.net]
- LIBMSK: reimplement Absolute()
The following resulted from a code audit by Greg Shapiro of
Sendmail, Inc. <gshapiro@gshapiro.net>, whose help is greatly
appreciated:
- SECURITY: shed privileges when -C is used on the command line
- SECURITY: add a popen() wrapper to shed privileges when the command
being executed isn't sendmail
- SECURITY: bounce requests or mail referring to addresses containing
bogus characters, to prevent remote attacks
- SECURITY: add some boundary checking in a few places I'd missed
- SECURITY: be paranoid and call sendmail with "--" before
arguments provided remotely to prevent remote attacks
- SECURITY: verify access permissions with lm_access() to prevent
unauthorized file giveaways and overwrites
- SECURITY: be pedantic about list names to prevent nasty operations
- SECURITY: add and begin using lm_safefopen()
