diff options
author | kris <kris@FreeBSD.org> | 2000-01-05 17:59:39 +0800 |
---|---|---|
committer | kris <kris@FreeBSD.org> | 2000-01-05 17:59:39 +0800 |
commit | f03794a15e3ab959cc5e64b3d7c675fe99c9d241 (patch) | |
tree | bb1f29dcfc41679923f4906c437d8cd5eb98803e | |
parent | 846c82178fddaab8bc92366fb851a35abea25e99 (diff) | |
download | freebsd-ports-gnome-f03794a15e3ab959cc5e64b3d7c675fe99c9d241.tar.gz freebsd-ports-gnome-f03794a15e3ab959cc5e64b3d7c675fe99c9d241.tar.zst freebsd-ports-gnome-f03794a15e3ab959cc5e64b3d7c675fe99c9d241.zip |
Close holes in perl scripts which allow local users to run arbitrary
commands as the majordomo user.
Submitted by: Dale Clark <clark@ARSC.EDU>
-rw-r--r-- | mail/majordomo/files/patch-sec1 | 211 |
1 files changed, 211 insertions, 0 deletions
diff --git a/mail/majordomo/files/patch-sec1 b/mail/majordomo/files/patch-sec1 new file mode 100644 index 000000000000..c0776f1f6042 --- /dev/null +++ b/mail/majordomo/files/patch-sec1 @@ -0,0 +1,211 @@ +--- archive2.pl Mon Jan 3 14:35:32 2000 ++++ archive2.pl.new Mon Jan 3 14:36:16 2000 +@@ -54,10 +54,23 @@ + shift(@ARGV); + shift(@ARGV); + } +-if (! -r $cf) { +- die("$cf not readable; stopped"); ++ ++if (not sysopen CONFIG,$cf,O_RDONLY) ++{ ++ die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : ''; + } +-require "$cf"; ++elsif ((stat CONFIG)[4] != $>) ++{ ++ die qq|Config file "$cf" not owned by effective UID.\n|; ++} ++elsif (eval(join '',<CONFIG>),$@) ++{ ++ die qq|Unable to eval "$cf": $@.\n|; ++} ++else ++{ ++ close CONFIG; ++} + + # All these should be in the standard PERL library + unshift(@INC, $homedir); +--- bounce-remind Mon Jan 3 14:35:32 2000 ++++ bounce-remind.new Mon Jan 3 14:38:16 2000 +@@ -24,10 +24,23 @@ + shift(@ARGV); + shift(@ARGV); + } +-if (! -r $cf) { +- die("$cf not readable; stopped"); ++ ++if (not sysopen CONFIG,$cf,O_RDONLY) ++{ ++ die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : ''; + } +-require "$cf"; ++elsif ((stat CONFIG)[4] != $>) ++{ ++ die qq|Config file "$cf" not owned by effective UID.\n|; ++} ++elsif (eval(join '',<CONFIG>),$@) ++{ ++ die qq|Unable to eval "$cf": $@.\n|; ++} ++else ++{ ++ close CONFIG; ++} + + # Go to the home directory specified by the .cf file + chdir("$homedir"); +--- config-test.orig Wed Aug 27 08:17:13 1997 ++++ config-test Wed Jan 5 01:41:37 2000 +@@ -119,10 +119,21 @@ + + $cf = $ARGV[0] || $ENV{'MAJORDOMO_CF'}; + +-if (eval "require '$cf'") { +- &good("'require'd $cf okay."); +-} else { +- &bad("something's wrong with $cf: $@"); ++if (not sysopen CONFIG,$cf,O_RDONLY) ++{ ++ die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : ''; ++} ++elsif ((stat CONFIG)[4] != $>) ++{ ++ die qq|Config file "$cf" not owned by effective UID.\n|; ++} ++elsif (eval(join '',<CONFIG>),$@) ++{ ++ die qq|Unable to eval "$cf": $@.\n|; ++} ++else ++{ ++ close CONFIG; + } + + foreach (@requires) { +--- digest.orig Wed Jan 5 01:44:09 2000 ++++ digest Wed Jan 5 01:45:38 2000 +@@ -315,7 +315,23 @@ + # Read and execute the .cf file + $cf = $opt_c || $ENV{"MAJORDOMO_CF"} || + "%%PREFIX%%/majordomo/majordomo.cf"; +- require "$cf"; ++ ++if (not sysopen CONFIG,$cf,O_RDONLY) ++{ ++ die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : ''; ++} ++elsif ((stat CONFIG)[4] != $>) ++{ ++ die qq|Config file "$cf" not owned by effective UID.\n|; ++} ++elsif (eval(join '',<CONFIG>),$@) ++{ ++ die qq|Unable to eval "$cf": $@.\n|; ++} ++else ++{ ++ close CONFIG; ++} + + chdir($homedir); + +--- majordomo Mon Jan 3 13:37:13 2000 ++++ majordomo.new Mon Jan 3 14:15:29 2000 +@@ -40,11 +40,23 @@ + die "Unknown argument $ARGV[0]\n"; + } + } +-if (! -r $cf) { +- die("$cf not readable; stopped"); +-} + +-require "$cf"; ++if (not sysopen CONFIG,$cf,O_RDONLY) ++{ ++ die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : ''; ++} ++elsif ((stat CONFIG)[4] != $>) ++{ ++ die qq|Config file "$cf" not owned by effective UID.\n|; ++} ++elsif (eval(join '',<CONFIG>),$@) ++{ ++ die qq|Unable to eval "$cf": $@.\n|; ++} ++else ++{ ++ close CONFIG; ++} + + # Go to the home directory specified by the .cf file + chdir("$homedir") || die "chdir to $homedir failed, $!\n"; +--- request-answer Mon Jan 3 14:35:32 2000 ++++ request-answer.new Mon Jan 3 15:09:02 2000 +@@ -20,10 +20,23 @@ + shift(@ARGV); + shift(@ARGV); + } +-if (! -r $cf) { +- die("$cf not readable; stopped"); ++ ++if (not sysopen CONFIG,$cf,O_RDONLY) ++{ ++ die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : ''; + } +-require "$cf"; ++elsif ((stat CONFIG)[4] != $>) ++{ ++ die qq|Config file "$cf" not owned by effective UID.\n|; ++} ++elsif (eval(join '',<CONFIG>),$@) ++{ ++ die qq|Unable to eval "$cf": $@.\n|; ++} ++else ++{ ++ close CONFIG; ++} + + chdir($homedir) || die("Can't chdir(\"$homedir\"): $!"); + unshift(@INC, $homedir); +--- resend Mon Jan 3 15:14:49 2000 ++++ resend.new Mon Jan 3 15:16:01 2000 +@@ -56,7 +56,7 @@ + if ($ARGV[0] =~ /^\@/) { + $fn = shift(@ARGV); + $fn =~ s/^@//; +- open(AV, $fn) || die("open(AV, \"$fn\"): $!\nStopped"); ++ sysopen(AV, $fn, O_RDONLY) || die("sysopen(AV, \"$fn\", O_RDONLY): $!\nStopped"); + undef($/); # set input field separator + $av = <AV>; # read whole file into string + close(AV); +@@ -84,11 +84,23 @@ + # Despite not having a place to send the remains of the body, + # it would be nice to send a message to root or postmaster, at least... + # +-if (! -r $cf) { +- die("$cf not readable; stopped"); +-} + +-require "$cf"; ++if (not sysopen CONFIG,$cf,O_RDONLY) ++{ ++ die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : ''; ++} ++elsif ((stat CONFIG)[4] != $>) ++{ ++ die qq|Config file "$cf" not owned by effective UID.\n|; ++} ++elsif (eval(join '',<CONFIG>),$@) ++{ ++ die qq|Unable to eval "$cf": $@.\n|; ++} ++else ++{ ++ close CONFIG; ++} + + chdir($homedir) || die("Can't chdir(\"$homedir\"): $!"); + |