[FIDOGATE] IMPORTANT SECURITY PATCH FOR FIDOGATE 4.4.9

[Martin J. <mj...@ex...>]

Dear list,

please apply the following patch to all FIDOGATE versions up to 4.4.9. 
This fix is already included in the current CVS and will be part of the 
upcoming release 4.4.10.

The problem is that the FIDOGATE setuid news programs could be used by a 
  local user to append data to all news owned files on the system. Given 
the complexity of the news system, this may lead to all sorts of problems.

Martin


===================================================================
RCS file: /cvsroot/fidogate/fidogate/src/common/log.c,v
retrieving revision 4.21
retrieving revision 4.23
diff -u -3 -p -r4.21 -r4.23
--- log.c	16 Feb 2003 15:38:56 -0000	4.21
+++ log.c	22 Aug 2004 08:59:00 -0000	4.23
@@ -2,7 +2,7 @@
 
/*****************************************************************************
   * FIDOGATE --- Gateway UNIX Mail/News <-> FIDO NetMail/EchoMail
   *
- * $Id: log.c,v 4.21 2003/02/16 15:38:56 n0ll Exp $
+ * $Id: log.c,v 4.23 2004/08/22 08:59:00 n0ll Exp $
   *
   * Log and debug functions
   *
@@ -279,9 +279,4 @@ void log_program(char *name)
      char *p;

      BUF_COPY(logprog, name);
-
-    if( (p = getenv("LOGFILE")) )
-       log_file(p);
-    if( (p = getenv("FIDOGATE_LOGFILE")) )
-       log_file(p);
  }