aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorkris <kris@FreeBSD.org>2000-01-05 17:59:39 +0800
committerkris <kris@FreeBSD.org>2000-01-05 17:59:39 +0800
commitf03794a15e3ab959cc5e64b3d7c675fe99c9d241 (patch)
treebb1f29dcfc41679923f4906c437d8cd5eb98803e
parent846c82178fddaab8bc92366fb851a35abea25e99 (diff)
downloadfreebsd-ports-gnome-f03794a15e3ab959cc5e64b3d7c675fe99c9d241.tar.gz
freebsd-ports-gnome-f03794a15e3ab959cc5e64b3d7c675fe99c9d241.tar.zst
freebsd-ports-gnome-f03794a15e3ab959cc5e64b3d7c675fe99c9d241.zip
Close holes in perl scripts which allow local users to run arbitrary
commands as the majordomo user. Submitted by: Dale Clark <clark@ARSC.EDU>
-rw-r--r--mail/majordomo/files/patch-sec1211
1 files changed, 211 insertions, 0 deletions
diff --git a/mail/majordomo/files/patch-sec1 b/mail/majordomo/files/patch-sec1
new file mode 100644
index 000000000000..c0776f1f6042
--- /dev/null
+++ b/mail/majordomo/files/patch-sec1
@@ -0,0 +1,211 @@
+--- archive2.pl Mon Jan 3 14:35:32 2000
++++ archive2.pl.new Mon Jan 3 14:36:16 2000
+@@ -54,10 +54,23 @@
+ shift(@ARGV);
+ shift(@ARGV);
+ }
+-if (! -r $cf) {
+- die("$cf not readable; stopped");
++
++if (not sysopen CONFIG,$cf,O_RDONLY)
++{
++ die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : '';
+ }
+-require "$cf";
++elsif ((stat CONFIG)[4] != $>)
++{
++ die qq|Config file "$cf" not owned by effective UID.\n|;
++}
++elsif (eval(join '',<CONFIG>),$@)
++{
++ die qq|Unable to eval "$cf": $@.\n|;
++}
++else
++{
++ close CONFIG;
++}
+
+ # All these should be in the standard PERL library
+ unshift(@INC, $homedir);
+--- bounce-remind Mon Jan 3 14:35:32 2000
++++ bounce-remind.new Mon Jan 3 14:38:16 2000
+@@ -24,10 +24,23 @@
+ shift(@ARGV);
+ shift(@ARGV);
+ }
+-if (! -r $cf) {
+- die("$cf not readable; stopped");
++
++if (not sysopen CONFIG,$cf,O_RDONLY)
++{
++ die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : '';
+ }
+-require "$cf";
++elsif ((stat CONFIG)[4] != $>)
++{
++ die qq|Config file "$cf" not owned by effective UID.\n|;
++}
++elsif (eval(join '',<CONFIG>),$@)
++{
++ die qq|Unable to eval "$cf": $@.\n|;
++}
++else
++{
++ close CONFIG;
++}
+
+ # Go to the home directory specified by the .cf file
+ chdir("$homedir");
+--- config-test.orig Wed Aug 27 08:17:13 1997
++++ config-test Wed Jan 5 01:41:37 2000
+@@ -119,10 +119,21 @@
+
+ $cf = $ARGV[0] || $ENV{'MAJORDOMO_CF'};
+
+-if (eval "require '$cf'") {
+- &good("'require'd $cf okay.");
+-} else {
+- &bad("something's wrong with $cf: $@");
++if (not sysopen CONFIG,$cf,O_RDONLY)
++{
++ die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : '';
++}
++elsif ((stat CONFIG)[4] != $>)
++{
++ die qq|Config file "$cf" not owned by effective UID.\n|;
++}
++elsif (eval(join '',<CONFIG>),$@)
++{
++ die qq|Unable to eval "$cf": $@.\n|;
++}
++else
++{
++ close CONFIG;
+ }
+
+ foreach (@requires) {
+--- digest.orig Wed Jan 5 01:44:09 2000
++++ digest Wed Jan 5 01:45:38 2000
+@@ -315,7 +315,23 @@
+ # Read and execute the .cf file
+ $cf = $opt_c || $ENV{"MAJORDOMO_CF"} ||
+ "%%PREFIX%%/majordomo/majordomo.cf";
+- require "$cf";
++
++if (not sysopen CONFIG,$cf,O_RDONLY)
++{
++ die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : '';
++}
++elsif ((stat CONFIG)[4] != $>)
++{
++ die qq|Config file "$cf" not owned by effective UID.\n|;
++}
++elsif (eval(join '',<CONFIG>),$@)
++{
++ die qq|Unable to eval "$cf": $@.\n|;
++}
++else
++{
++ close CONFIG;
++}
+
+ chdir($homedir);
+
+--- majordomo Mon Jan 3 13:37:13 2000
++++ majordomo.new Mon Jan 3 14:15:29 2000
+@@ -40,11 +40,23 @@
+ die "Unknown argument $ARGV[0]\n";
+ }
+ }
+-if (! -r $cf) {
+- die("$cf not readable; stopped");
+-}
+
+-require "$cf";
++if (not sysopen CONFIG,$cf,O_RDONLY)
++{
++ die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : '';
++}
++elsif ((stat CONFIG)[4] != $>)
++{
++ die qq|Config file "$cf" not owned by effective UID.\n|;
++}
++elsif (eval(join '',<CONFIG>),$@)
++{
++ die qq|Unable to eval "$cf": $@.\n|;
++}
++else
++{
++ close CONFIG;
++}
+
+ # Go to the home directory specified by the .cf file
+ chdir("$homedir") || die "chdir to $homedir failed, $!\n";
+--- request-answer Mon Jan 3 14:35:32 2000
++++ request-answer.new Mon Jan 3 15:09:02 2000
+@@ -20,10 +20,23 @@
+ shift(@ARGV);
+ shift(@ARGV);
+ }
+-if (! -r $cf) {
+- die("$cf not readable; stopped");
++
++if (not sysopen CONFIG,$cf,O_RDONLY)
++{
++ die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : '';
+ }
+-require "$cf";
++elsif ((stat CONFIG)[4] != $>)
++{
++ die qq|Config file "$cf" not owned by effective UID.\n|;
++}
++elsif (eval(join '',<CONFIG>),$@)
++{
++ die qq|Unable to eval "$cf": $@.\n|;
++}
++else
++{
++ close CONFIG;
++}
+
+ chdir($homedir) || die("Can't chdir(\"$homedir\"): $!");
+ unshift(@INC, $homedir);
+--- resend Mon Jan 3 15:14:49 2000
++++ resend.new Mon Jan 3 15:16:01 2000
+@@ -56,7 +56,7 @@
+ if ($ARGV[0] =~ /^\@/) {
+ $fn = shift(@ARGV);
+ $fn =~ s/^@//;
+- open(AV, $fn) || die("open(AV, \"$fn\"): $!\nStopped");
++ sysopen(AV, $fn, O_RDONLY) || die("sysopen(AV, \"$fn\", O_RDONLY): $!\nStopped");
+ undef($/); # set input field separator
+ $av = <AV>; # read whole file into string
+ close(AV);
+@@ -84,11 +84,23 @@
+ # Despite not having a place to send the remains of the body,
+ # it would be nice to send a message to root or postmaster, at least...
+ #
+-if (! -r $cf) {
+- die("$cf not readable; stopped");
+-}
+
+-require "$cf";
++if (not sysopen CONFIG,$cf,O_RDONLY)
++{
++ die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : '';
++}
++elsif ((stat CONFIG)[4] != $>)
++{
++ die qq|Config file "$cf" not owned by effective UID.\n|;
++}
++elsif (eval(join '',<CONFIG>),$@)
++{
++ die qq|Unable to eval "$cf": $@.\n|;
++}
++else
++{
++ close CONFIG;
++}
+
+ chdir($homedir) || die("Can't chdir(\"$homedir\"): $!");
+