49f9275414
v2.108 Released May 07, 2001 17:10 (PST)
- try to avoid deadlock in LogBounces() by setting a timeout on
the OpenDB() call
- add config parameter "umask"
[suggested by gshapiro@gshapiro.net]
- don't set Reply-To: header in NewPending()
[suggested by gshapiro@gshapiro.net]
- "mailqueue" is now restricted by the "memberlist" command
[suggested by gshapiro@gshapiro.net]
- make use of the "domain" setting on preselected lists using the
mail interface
[requested by gshapiro@gshapiro.net]
- trim spaces off of possible signature terminators in
IdentifyMessage()
[suggested by gshapiro@gshapiro.net]
- LIBMSK: reimplement Absolute()
The following resulted from a code audit by Greg Shapiro of
Sendmail, Inc. <gshapiro@gshapiro.net>, whose help is greatly
appreciated:
- SECURITY: shed privileges when -C is used on the command line
- SECURITY: add a popen() wrapper to shed privileges when the command
being executed isn't sendmail
- SECURITY: bounce requests or mail referring to addresses containing
bogus characters, to prevent remote attacks
- SECURITY: add some boundary checking in a few places I'd missed
- SECURITY: be paranoid and call sendmail with "--" before
arguments provided remotely to prevent remote attacks
- SECURITY: verify access permissions with lm_access() to prevent
unauthorized file giveaways and overwrites
- SECURITY: be pedantic about list names to prevent nasty operations
- SECURITY: add and begin using lm_safefopen()
6 lines
325 B
Plaintext
6 lines
325 B
Plaintext
MD5 (listmanager/listmanager.freebsd35) = c11a9860de2fd8393c708b3aecaf0df0
|
|
MD5 (listmanager/INSTALL) = daab4be48e990a66b58e09fece5bb993
|
|
MD5 (listmanager/help.tar.gz) = 55473e6dd480392fa783874723627fcc
|
|
MD5 (listmanager/listmanager.8) = d321176b26b8ddb2a539a69a7bf640a7
|
|
MD5 (listmanager/ack) = 9c35b02b889c69278f7cac1c6b22bab3
|