severity 496434 important
tags 496434 patch security confirmed
thanks

Hi Steve,

While the program is not run as a privileged user, can you still please ensure that this issue is fixed in lenny? Smaller-scale attacks are still possible, plus, people are all too eager to copy pieces of code around so proliferation of bad examples like these is very undesirable. I'm upgrading it to important as I believe this is something that "really should be fixed" before the release. The attached patch should fix it and is very non-invasive. Can you upload it?

thanks,
Thijs

--- mailgo.orig 1996-07-28 20:36:36.000000000 +0200 +++ mailgo 2008-08-25 13:36:47.000000000 +0200 @@ -349,8 +349,9 @@ fi if [ $1 = -- ] then - cat >/tmp/mailgo$$ - set /tmp/mailgo$$ + MAILGOTEMP=`mktemp` + cat >$MAILGOTEMP + set $MAILGOTEMP exec </dev/tty elif [ ! -s $1 ] then
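
Review bot: the exit status of mktemp is not checked on the added line MAILGOTEMP=`mktemp`, so if mktemp fails the variable is empty and the following cat >$MAILGOTEMP and set $MAILGOTEMP run without a file name. Stop on failure, for example MAILGOTEMP=`mktemp` || exit 1. The expansions in the two lines after it are also unquoted, so a TMPDIR containing whitespace would split the path; cat >"$MAILGOTEMP" and set "$MAILGOTEMP" avoid that. The hunk does not show the temporary file being removed; if nothing later in the script deletes it, a trap that removes "$MAILGOTEMP" on exit would be worth adding.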