Diffusion FreeBSD src repository 4a4338d94401

comsat: Don't read arbitrary files
4a4338d94401
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

comsat: Don't read arbitrary files

When processing a notification, instead of accepting any file name
that doesn't begin with a slash, accept only file names that don't
contain any slashes at all. This makes it possible to notify a
user about a mailbox that doesn't bear their name, as long as they
are permitted to read it, but prevents comsat from reading files
outside the mail spool.

PR: 270404
MFC after: 1 week
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D51580

Details

Provenance

des	Authored on Jul 28 2025, 3:28 PM

Reviewer

Differential Revision

D51580: comsat: Don't read arbitrary files

Parents

rGa3b72d89c702: zfsboot: Remove zfsboot(8) program used to boot ZFS from MBR + BIOS

Branches

Unknown

Tags

Unknown

Event Timeline

des committed rG4a4338d94401: comsat: Don't read arbitrary files (authored by des).Jul 28 2025, 3:28 PM

des added an edge: D51580: comsat: Don't read arbitrary files.

des mentioned this in rG4406fe5f2203: comsat: Don't read arbitrary files.Aug 5 2025, 11:52 AM

des mentioned this in rG6ca3734e928c: comsat: Don't read arbitrary files.

Changes (1)

Path

Size

libexec/

comsat/

rG4a4338d94401

libexec/comsat/comsat.c

Loading...