I'm a bit behind in reading bugtraq but thought I'd throw this in: We
had a similar situation sometime back with Maia Mailguard, and the
null byte thing depends on the platform. It was reported on a BSD
system I think, but our Linux systems would not reproduce it.
In any case, the data should be sanitized. :)

David Morton
Maia Mailguard http://www.maiamailguard.com

*recorded* there, but making the contents accessible from there seems
unnecessary (and bad) to me, at least unless said access first
determines the canonical file system path to the file (i.e. the one
that the process used to open it), and checks the file access as it
would normally, using that path. Still, I doubt I'll ever see this on
any system I manage.

If it were possible for a different user who wasn't already accessing
the file to get access this way, that would be a very different
matter...