author | Eric S. Raymond <esr@thyrsus.com> | 2001-03-12 04:54:10 +0000 |
---|---|---|
committer | Eric S. Raymond <esr@thyrsus.com> | 2001-03-12 04:54:10 +0000 |
commit | c71c95b401a49a69281af562062375c85592074d (patch) | |
tree | 6c59955027eeab542a33b355ba14dcfbce42ff0e | |
parent | 979b46e876bc6cc257ce0d48baf601bc44da8cba (diff) | |
Security fix.
svn path=/trunk/; revision=3240
-rw-r--r-- | NEWS | 4 | ||||
-rw-r--r-- | fetchmail-features.html | 6 | ||||
-rwxr-xr-x | fetchmailconf | 6 |
3 files changed, 10 insertions, 6 deletions
@@ -2,6 +2,10 @@ (The `lines' figures total .c, .h, .l, and .y files under version control.) +* Fix insecure tempfile creation bug in fetchmailconf, thanks + to Colin Phipps <cph@cph.demon.co.uk> +* Documentation refresh. + fetchmail-5.7.3 (Sun Mar 11 17:01:56 EST 2001), 20323 lines: * Incorporate SA_LEN patch from Red Hat. diff --git a/fetchmail-features.html b/fetchmail-features.html index ba2ca2c0..355eb4f7 100644 --- a/fetchmail-features.html +++ b/fetchmail-features.html @@ -10,7 +10,7 @@ <table width="100%" cellpadding=0><tr> <td width="30%">Back to <a href="index.html">Fetchmail Home Page</a> <td width="30%" align=center>To <a href="/~esr/sitemap.html">Site Map</a> -<td width="30%" align=right>$Date: 2001/03/07 16:15:19 $ +<td width="30%" align=right>$Date: 2001/03/12 04:54:10 $ </table> <HR> @@ -23,7 +23,7 @@ open port 25. <LI>Support for AUTH=CRAM-MD5 under POP3, a la RFC2195. -<LI>Support for ODMR (On-Demand Mail Relay), RFC 2645. +<LI>Support for ODMR (On-Demand Mail Relay), RFC 2645 (untested). <LI>It's now easy to deliver mail to a local LMTP socket. @@ -243,7 +243,7 @@ get-mail, gwpop, pimp-1.0, pop-perl5-1.2, popc, popmail-1.6 and upop. <table width="100%" cellpadding=0><tr> <td width="30%">Back to <a href="index.html">Fetchmail Home Page</a> <td width="30%" align=center>To <a href="/~esr/sitemap.html">Site Map</a> -<td width="30%" align=right>$Date: 2001/03/07 16:15:19 $ +<td width="30%" align=right>$Date: 2001/03/12 04:54:10 $ </table> <P><ADDRESS>Eric S. Raymond <A HREF="mailto:esr@thyrsus.com"><esr@snark.thyrsus.com></A></ADDRESS> diff --git a/fetchmailconf b/fetchmailconf index 7181de34..c935e4f6 100755 --- a/fetchmailconf +++ b/fetchmailconf 
@@ -4,11 +4,11 @@ # by Eric S. Raymond, <esr@snark.thyrsus.com>. # Requires Python with Tkinter, and the following OS-dependent services: # posix, posixpath, socket -version = "1.34" +version = "1.35" from Tkinter import * from Dialog import * -import sys, time, os, string, socket, getopt +import sys, time, os, string, socket, getopt, tempfile # # Define the data structures the GUIs will be tossing around @@ -1923,7 +1923,7 @@ gUSiYASJpMEHhilJTEnhAlGoQqYAZQ1AiqEMZ0jDGtqQImhwwA13yMMevoQAGvGhEAWHGMOAAAA7 # Read the existing configuration. We set the umask to 077 to make sure # that group & other read/write permissions are shut off -- we wouldn't # want crackers to snoop password information out of the tempfile. - tmpfile = "/tmp/fetchmailconf." + `os.getpid()` + tmpfile = tempfile.mktemp() if rcfile: cmd = "umask 077; fetchmail -f " + rcfile + " --configdump --nosyslog >" + tmpfile else: |
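Review bot: In the last hunk, `tmpfile = tempfile.mktemp()` only picks a name; the file is still created later by the shell redirection `>" + tmpfile` in `cmd`, so there is still a window between choosing the path and opening it. The `umask 077` in the command does not help if something already exists at that path, because the redirection follows whatever is there and permissions of an existing file are not changed. Create the file atomically instead, e.g. `fd = os.open(tmpfile, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0600)` (or `tempfile.mkstemp()` on Python versions that have it), or avoid the file altogether by reading the `--configdump` output from a pipe if the code that consumes `tmpfile` (outside this hunk) allows it. Separately, `rcfile` is concatenated unquoted into the shell command; its origin is not visible here, so confirm it cannot contain shell metacharacters. The enclosing block starts and ends outside the hunk.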