From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Eli Zaretskii Newsgroups: gmane.emacs.devel Subject: movemail broken on MS-Windows Date: Fri, 02 Apr 2010 18:42:34 +0300 Message-ID: <83bpe1x3md.fsf@gnu.org> Reply-To: Eli Zaretskii NNTP-Posting-Host: lo.gmane.org X-Trace: dough.gmane.org 1270223051 29535 80.91.229.12 (2 Apr 2010 15:44:11 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Fri, 2 Apr 2010 15:44:11 +0000 (UTC) Cc: emacs-devel@gnu.org To: Chong Yidong Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Fri Apr 02 17:44:01 2010 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([199.232.76.165]) by lo.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1Nxj2O-000469-SP for ged-emacs-devel@m.gmane.org; Fri, 02 Apr 2010 17:44:01 +0200 Original-Received: from localhost ([127.0.0.1]:33964 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1Nxj2N-0006IB-OX for ged-emacs-devel@m.gmane.org; Fri, 02 Apr 2010 11:43:59 -0400 Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1Nxj1Z-000642-Dq for emacs-devel@gnu.org; Fri, 02 Apr 2010 11:43:09 -0400 Original-Received: from [140.186.70.92] (port=40521 helo=eggs.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1Nxj1X-00063M-2u for emacs-devel@gnu.org; Fri, 02 Apr 2010 11:43:09 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69) (envelope-from ) id 1Nxj1V-0001qK-E5 for emacs-devel@gnu.org; Fri, 02 Apr 2010 11:43:06 -0400 Original-Received: from mtaout21.012.net.il ([80.179.55.169]:42650) by eggs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Nxj1V-0001q0-12 for emacs-devel@gnu.org; Fri, 02 Apr 2010 11:43:05 -0400 Original-Received: from conversion-daemon.a-mtaout21.012.net.il by a-mtaout21.012.net.il (HyperSendmail v2007.08) id <0L0900000A76VL00@a-mtaout21.012.net.il> for emacs-devel@gnu.org; Fri, 02 Apr 2010 18:42:34 +0300 (IDT) Original-Received: from HOME-C4E4A596F7 ([77.124.92.42]) by a-mtaout21.012.net.il (HyperSendmail v2007.08) with ESMTPA id <0L0900KQ2AAWQY90@a-mtaout21.012.net.il>; Fri, 02 Apr 2010 18:42:34 +0300 (IDT) X-012-Sender: halo1@inter.net.il X-detected-operating-system: by eggs.gnu.org: Solaris 10 (beta) X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:123069 Archived-At: This change breaks movemail on Windows: revno: 99810 committer: Chong Yidong branch nick: trunk timestamp: Fri 2010-04-02 11:26:24 -0400 message: Fix permissions handling (CVE-2010-0825). * movemail.c (main): Check return values of setuid. Avoid possibility of symlink attack when movemail is setgid mail (CVE-2010-0825). The reason is that Windows does not have setegid. (I'd suggest to add a stub for it, just like we do with setuid.)