diff options
| author | Gregory Neil Shapiro <gshapiro@FreeBSD.org> | 2001-05-15 06:45:00 +0000 |
|---|---|---|
| committer | Gregory Neil Shapiro <gshapiro@FreeBSD.org> | 2001-05-15 06:45:00 +0000 |
| commit | 49f9275414c0502440529684dfec87e399a3a938 (patch) | |
| tree | 1937f82eeb3222dcf9431ed6ea40778d444c1fb0 /textproc/p5-Text-Filter | |
| parent | 6a580242ae88a37277769a4eaf0f31b422b50e04 (diff) | |
Update to listmanager 2.108 and reenable.
v2.108 Released May 07, 2001 17:10 (PST)
- try to avoid deadlock in LogBounces() by setting a timeout on
the OpenDB() call
- add config parameter "umask"
[suggested by gshapiro@gshapiro.net]
- don't set Reply-To: header in NewPending()
[suggested by gshapiro@gshapiro.net]
- "mailqueue" is now restricted by the "memberlist" command
[suggested by gshapiro@gshapiro.net]
- make use of the "domain" setting on preselected lists using the
mail interface
[requested by gshapiro@gshapiro.net]
- trim spaces off of possible signature terminators in
IdentifyMessage()
[suggested by gshapiro@gshapiro.net]
- LIBMSK: reimplement Absolute()
The following resulted from a code audit by Greg Shapiro of
Sendmail, Inc. <gshapiro@gshapiro.net>, whose help is greatly
appreciated:
- SECURITY: shed privileges when -C is used on the command line
- SECURITY: add a popen() wrapper to shed privileges when the command
being executed isn't sendmail
- SECURITY: bounce requests or mail referring to addresses containing
bogus characters, to prevent remote attacks
- SECURITY: add some boundary checking in a few places I'd missed
- SECURITY: be paranoid and call sendmail with "--" before
arguments provided remotely to prevent remote attacks
- SECURITY: verify access permissions with lm_access() to prevent
unauthorized file giveaways and overwrites
- SECURITY: be pedantic about list names to prevent nasty operations
- SECURITY: add and begin using lm_safefopen()
Notes
Notes:
svn path=/head/; revision=42611
Diffstat (limited to 'textproc/p5-Text-Filter')
0 files changed, 0 insertions, 0 deletions