From: David Levine
Subject: Re: [Nmh-workers] tmp file cleanup
Date: Mon, 20 Jan 2014 00:27:20 -0500

> But my underlying concern with allowing a relative mhpath surrounds
> taking advantage of $HOME leakage/confusion in the event you managed
> to get something to call an MH command with elevated privileges.
> I.e. $HOME != getpwuid(geteuid())->pw_dir.  With absolute paths,
> this is never an issue.

Note that nmh already checks to see if a setuid or setgid
had succeeded, and in that case won't use the environment
variables (and instead will just put tmp files in the MH
Path directory):

    /* Ignore envvars if we are setuid */
    if ((getuid()==geteuid()) && (getgid()==getegid())) {
      /* use first non-null of MHTMPDIR, TMPDIR, or TMP */

> >   If it is .. or .., or starts with ./ or
> >   ../, then it's relative to the current working directory.

(Off-this-topic experiment:  my first message with that text
got incorrectly converted to 8-bit.  I'll run this through
mhbuild to show that the C-T header prevents that.)
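
The setuid/setgid check described above, written out as an added example that is not part of the original message and is not nmh's own code. The names pick_tmpdir and ids_differ, the fallback path, and treating an empty variable as unset are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not an nmh function): true when real and effective
 * IDs differ, i.e. the process is running setuid or setgid. */
static int ids_differ(uid_t uid, uid_t euid, gid_t gid, gid_t egid)
{
    return uid != euid || gid != egid;
}

/* Choose the directory for temporary files.  The environment is consulted
 * only when the process is not privileged; otherwise the fallback (standing
 * in for the MH Path directory) is returned.  The IDs are parameters so the
 * decision can be exercised without installing a setuid binary. */
static const char *pick_tmpdir(uid_t uid, uid_t euid, gid_t gid, gid_t egid,
                               const char *fallback)
{
    static const char *const vars[] = { "MHTMPDIR", "TMPDIR", "TMP" };
    size_t i;

    if (ids_differ(uid, euid, gid, egid))
        return fallback;          /* ignore the caller-controlled environment */

    for (i = 0; i < sizeof vars / sizeof vars[0]; i++) {
        const char *v = getenv(vars[i]);
        /* Assumption: an empty value is treated the same as unset. */
        if (v != NULL && *v != '\0')
            return v;             /* first usable variable wins */
    }
    return fallback;
}

int main(void)
{
    /* "/home/user/Mail" is a constructed placeholder for the MH Path. */
    const char *dir = pick_tmpdir(getuid(), geteuid(), getgid(), getegid(),
                                  "/home/user/Mail");
    printf("tmp files go in: %s\n", dir);
    return 0;
}
```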


