author | rafan <rafan@FreeBSD.org> | 2006-09-18 22:12:16 +0800 |
---|---|---|
committer | rafan <rafan@FreeBSD.org> | 2006-09-18 22:12:16 +0800 |
commit | 80a6f8941ea98d589695e9cceb4e42014fbb517e (patch) | |
tree | d15bdeb7b02325a6faafc2b72d74f0f7de25b13c | |
parent | 80c4624be94b3ea2ca9162dc13ab831f3f4ae6a7 (diff) | |
- rc scripts have race condition to stop executing at start-up time.
This also stops FreeBSD start up.
Ref: http://docs.freebsd.org/cgi/mid.cgi?450CA21C.3080407
- There are potential DoS attacks by the dkfilter_{in,out} programs.
They can change their pid file to illegally stop any program
when an administrator tries to stop them by rc script.
- pet portlint(1)
PR: ports/103344
Submitted by: Yoshisato YANAGISAWA <yanagisawa at csg.is.titech.ac.jp> (maintainer)
-rw-r--r-- | mail/dkfilter/Makefile | 12 | ||||
-rw-r--r-- | mail/dkfilter/files/dkfilter_in.in | 13 | ||||
-rw-r--r-- | mail/dkfilter/files/dkfilter_out.in | 13 |
3 files changed, 30 insertions, 8 deletions
diff --git a/mail/dkfilter/Makefile b/mail/dkfilter/Makefile index 7db7db2c8931..455fb4e63d41 100644 --- a/mail/dkfilter/Makefile +++ b/mail/dkfilter/Makefile @@ -7,7 +7,7 @@ PORTNAME= dkfilter PORTVERSION= 0.10 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= mail MASTER_SITES= http://jason.long.name/dkfilter/ @@ -30,11 +30,11 @@ DKFILTER_USERID?= 325 DKFILTER_GROUPNAME?= ${DKFILTER_USERNAME} DKFILTER_GROUPID?= ${DKFILTER_USERID} -SUB_FILES= pkg-install pkg-deinstall -SUB_LIST= USER=${DKFILTER_USERNAME} \ - UID=${DKFILTER_USERID} \ - GROUP=${DKFILTER_GROUPNAME} \ - GID=${DKFILTER_GROUPID} +SUB_FILES= pkg-install pkg-deinstall +SUB_LIST= USER=${DKFILTER_USERNAME} \ + UID=${DKFILTER_USERID} \ + GROUP=${DKFILTER_GROUPNAME} \ + GID=${DKFILTER_GROUPID} .include <bsd.port.pre.mk> diff --git a/mail/dkfilter/files/dkfilter_in.in b/mail/dkfilter/files/dkfilter_in.in index f52dc9b0ae3c..cb65ea16884b 100644 --- a/mail/dkfilter/files/dkfilter_in.in +++ b/mail/dkfilter/files/dkfilter_in.in @@ -42,13 +42,24 @@ dkfilter_in_start() su -m ${dkfilter_in_user} -c "daemon -p ${dkfilter_in_pidfile} \ %%PREFIX%%/bin/dkfilter.in ${dkfilter_in_flags}" \ > /dev/null 2> ${tmpfile} - sleep 1 # XXX: wait until dkfilter start. + # wait until dkfilter start. + while true + do + filesize=`ls -l $tmpfile|awk '{print $5}'` + if [ ${filesize} -gt 0 ]; then + break + fi + done + logger -t ${name} `cat ${tmpfile}` err=`grep Error ${tmpfile}` if [ "${err}" ]; then echo "Failed to start ${name}." echo "${err}" rm -f ${dkfilter_in_pidfile} + else + # To prevent DoS attack by dkfilter_in_user. + chown root:wheel ${dkfilter_in_pidfile} fi rm -f ${tmpfile} } diff --git a/mail/dkfilter/files/dkfilter_out.in b/mail/dkfilter/files/dkfilter_out.in index 9348768fb706..feb4a3f2d021 100644 --- a/mail/dkfilter/files/dkfilter_out.in +++ b/mail/dkfilter/files/dkfilter_out.in 
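Review bot: The `chown root:wheel ${dkfilter_in_pidfile}` added in the else branch of dkfilter_in_start (and the matching line in the dkfilter_out.in hunk) protects the pid file only if the directory holding it is not writable by the daemon user. `daemon -p` is run through `su -m ${dkfilter_in_user}` and creates the file itself, so that directory is presumably writable by that user (the path is not visible in the hunk); a root-owned file in a user-writable directory can still be replaced, and the file stays user-owned between the launch and the chown. I would have root create the pid file in a root-owned directory before launching, or at least record the limit next to the change: `# NOTE: only effective if the pidfile directory is not writable by ${dkfilter_in_user}`. The function body starts outside the hunk.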
@@ -48,13 +48,24 @@ dkfilter_out_start() su -m ${dkfilter_out_user} -c "daemon -p ${dkfilter_out_pidfile} \ %%PREFIX%%/bin/dkfilter.out ${dkfilter_out_flags}" \ > /dev/null 2> ${tmpfile} - sleep 1 # XXX: wait until dkfilter start. + # wait until dkfilter start. + while true + do + filesize=`ls -l $tmpfile|awk '{print $5}'` + if [ ${filesize} -gt 0 ]; then + break + fi + done + logger -t ${name} `cat ${tmpfile}` err=`grep Error ${tmpfile}` if [ "${err}" ]; then echo "Failed to start ${name}." echo "${err}" rm -f ${dkfilter_out_pidfile} + else + # To prevent DoS attack by dkfilter_out_user. + chown root:wheel ${dkfilter_out_pidfile} fi rm -f ${tmpfile} } |
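Review bot: The `while true` loop that replaces `sleep 1` in dkfilter_out_start has no delay and no upper bound, so if dkfilter.out starts without writing anything to stderr the rc script spins at full CPU and never returns, which would block start-up just as the race it replaces did. The same loop is in the dkfilter_in.in hunk. Whether the daemon always writes to `${tmpfile}` is not visible here, so I would bound the wait and test the size with `[ -s ]` instead of parsing `ls -l` output, as below. `$tmpfile` is also unquoted inside the loop, and the function starts outside the hunk.

```sh
# … unchanged: su -m … daemon -p … launch, stderr redirected to ${tmpfile} …
# wait until dkfilter start, but never block boot indefinitely.
tries=0
while [ ! -s "${tmpfile}" ] && [ ${tries} -lt 10 ]
do
	sleep 1
	tries=$((tries + 1))
done
# … unchanged: logger call, Error check, pidfile handling …
```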