NetBSD/usr.bin/mail
christos 2a8765d5a2 Fix various security related issues:
    0001. Do not recognize paths, mail folders, and pipes in mail addresses
    by default.  That avoids a direct command injection with syntactically
    valid email addresses starting with |.

    Such addresses can be specified both on the command line, the mail
    headers (with -t) or in address lines copied over from previous
    while replying.

    This was assigned CVE-2014-7844 for some versions of BSD mailx.  It is
    documented behavior for Heirloom mailx, and was mentioned in an old
    technical report about BSD mailx (which does not usually make its way
    into operating system installations).  The patch switches off this
    processing and updates the documentation.

Added expandaddr option to explicitly enable this behavior.

    0002. When invoking sendmail, prevent option processing for email
    address arguments.  This prevents changing e.g. the Postfix
    configuration file in unexpected ways.  This behavior was documented for
    BSD mailx (sort of), but not for Heirloom mailx.  We did not assign a
    CVE to this because it is more of a missing feature, and code invoking
    mailx needs adjustment in the caller as well.

Fixed.

    0003. Make wordexp support mandatory.  (No functional change.)

Fixed (replaced explicit shell pipe implementation).

    0004. Prevent command execution in the expand function, which is IMHO
    unexpected.  (Not really required with patch 1, and there is still
    information disclosure/DoS potential if this expansion occurs.)  This is
    a historic vulnerability already fixed in the Debian package,
    retroactively assigned CVE-2004-2771:

Fixed (as part of the pipe replacement with wordexp).
2014-12-16 19:30:24 +00:00
misc
USD.doc put back ua will fix differently. 2014-10-01 23:41:41 +00:00
cmd1.c avoid longjmp clobber. 2013-10-18 20:17:59 +00:00
cmd2.c set close on exec for all opened files. 2012-04-29 23:50:22 +00:00
cmd3.c Fix various security related issues: 2014-12-16 19:30:24 +00:00
cmd4.c
cmdtab.c
collect.c prevent re-entry race and crash 2013-06-28 17:36:18 +00:00
complete.c
complete.h
def.h src is too big these days to tolerate superfluous apostrophes. It's 2014-10-18 08:33:23 +00:00
dotlock.c
edit.c set close on exec for all opened files. 2012-04-29 23:50:22 +00:00
extern.h Fix various security related issues: 2014-12-16 19:30:24 +00:00
fio.c Fix various security related issues: 2014-12-16 19:30:24 +00:00
format.c
format.h
getname.c
glob.h PR/47577: Steffen "Daode" Nurpmeso: Keep a resolved folder name together 2013-02-19 17:43:32 +00:00
head.c From: Steffen "Daode" Nurpmeso: 2013-01-16 15:21:42 +00:00
lex.c PR/47577: Steffen "Daode" Nurpmeso: Refinement to previous to keep always 2013-02-20 14:38:13 +00:00
list.c set close on exec for all opened files. 2012-04-29 23:50:22 +00:00
mail.1 Fix various security related issues: 2014-12-16 19:30:24 +00:00
main.c
Makefile Rework /usr/share/doc. 2014-07-05 19:22:02 +00:00
mime_attach.c fix unused variable warnings 2013-10-18 20:47:06 +00:00
mime_attach.h
mime_child.c set close on exec for all opened files. 2012-04-29 23:50:22 +00:00
mime_child.h
mime_codecs.c PR/47657: Steffen "Daode" Nurpmeso: quoted printable CTE exceeds RFC limit. 2013-02-14 18:23:45 +00:00
mime_codecs.h PR/47657: Steffen "Daode" Nurpmeso: quoted printable CTE exceeds RFC limit. 2013-02-14 18:23:45 +00:00
mime_decode.c
mime_decode.h
mime_detach.c set close on exec for all opened files. 2012-04-29 23:50:22 +00:00
mime_detach.h
mime_header.c PR/47657: Steffen "Daode" Nurpmeso: quoted printable CTE exceeds RFC limit. 2013-02-14 18:23:45 +00:00
mime_header.h
mime.h
names.c Fix various security related issues: 2014-12-16 19:30:24 +00:00
pathnames.h
popen.c set close on exec for all opened files. 2012-04-29 23:50:22 +00:00
quit.c set close on exec for all opened files. 2012-04-29 23:50:22 +00:00
rcv.h
send.c Fix various security related issues: 2014-12-16 19:30:24 +00:00
sig.c make sure that signal handlers are always initialized. 2012-06-12 19:03:26 +00:00
sig.h make sure that signal handlers are always initialized. 2012-06-12 19:03:26 +00:00
strings.c
support.c set close on exec for all opened files. 2012-04-29 23:50:22 +00:00
temp.c
thread.c don't check for i and use j. 2012-10-21 22:18:16 +00:00
thread.h
tty.c
v7.local.c
vars.c
version.c