Hello Roberto, * Roberto C. Sanchez <[EMAIL PROTECTED]> [2005-05-31 10:45]: [...] > I am only making this important becuase after discussing it on > #debian-devel, the consensus was the this was annoying but not RC. I am > CC'ing Nico and Elimar since this also applies to the unnofficial > mutt-ng pacakges. mutt creates temporary files in a very predictable > and unsecure way. There is no threat of overwriting an existing file or > creating a file somewhere where the user lacks appropriate permissions, > but there is a trivial way to DoS the users in mutt. > > Steps to replicate: > > Log into a shared machine and run 'ps aux|grep mutt'. Choose a user > running mutt. Note the pid of the mutt process you want to DOS. Note > the username and run 'id <user>' to get the uid. Then run 'for i in > `seq 0 1000` ; do touch /tmp/mutt-<hostname>-<uid>-<pid>-$i ; done' and > watch the user not be able to 1) compose mail, 2) change mailboxes, 3) > reply to mail, 4) or view help until mutt is restarted. For added fun, > wrap in another for loop that iterates from 0 to 32767 and hit all the > PIDs and prevent the user from using mutt unil /tmp is cleaned or the > machine is rebooted.
Thanks, its on our todo list. Patches are welcome! Regards Nico -- Nico Golde - [EMAIL PROTECTED] | GPG: 1024D/73647CFF http://www.ngolde.de | http://www.muttng.org | http://grml.org VIM has two modes - the one in which it beeps and the one in which it doesn't -- encrypted mail preferred
pgp4H3sESfnY0.pgp
Description: PGP signature
