dkim-ops
[Top] [All Lists]

Re: [dkim-ops] FW: how can use the DKIM the function

2011-05-17 18:59:19
-----Original Message-----
From: dkim-ops-bounces(_at_)mipassoc(_dot_)org 
[mailto:dkim-ops-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Jeff Macdonald
Sent: Tuesday, May 17, 2011 1:48 PM
To: MH Michael Hammer (5304)
Cc: dkim-ops(_at_)mipassoc(_dot_)org
Subject: Re: [dkim-ops] FW: how can use the DKIM the function

Ok, I'll bite.

How can:

log_write(0, LOG_MAIN, (char *)logmsg)

be used to arbitrarily inject code? I understand the concept, but
having % in the logmsg with no parameters to feed it seems harmless to
me.

There was some other macro expansion mechanism in there that was unchecked.  It 
wasn't a typical printf-style expansion but it did cause file accesses and the 
like, meaning user-provided data could cause unauthorized file system 
operations.  Scary.


_______________________________________________
dkim-ops mailing list
dkim-ops(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-ops