Oops, commit the right version of this (adds extra checks that only

expected commands will be proxied)
author: kris <kris@FreeBSD.org> 2008-07-26 23:34:49 +0800
committer: kris <kris@FreeBSD.org> 2008-07-26 23:34:49 +0800
commit: 5ee13b8bf7e1604927a2be29695c79b264be0aa7 (patch)
tree: 399c56e1d072fe3e74fbdcef7a704bd1e2cabe8d /Tools/portbuild
parent: 254d4ef0b487b4e3aa4bad47e9364950343a4dca (diff)
download: freebsd-ports-gnome-5ee13b8bf7e1604927a2be29695c79b264be0aa7.tar.gz
freebsd-ports-gnome-5ee13b8bf7e1604927a2be29695c79b264be0aa7.tar.zst
freebsd-ports-gnome-5ee13b8bf7e1604927a2be29695c79b264be0aa7.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/Tools/portbuild/scripts/buildproxy b/Tools/portbuild/scripts/buildproxy
index fae88ab870b7..93c524e541e0 100755
--- a/Tools/portbuild/scripts/buildproxy
+++ b/Tools/portbuild/scripts/buildproxy
@@ -9,6 +9,8 @@ from freebsd import *
 
 SOCKET='/tmp/.build'
 
+valid_cmds = ['create', 'clone', 'portsupdate', 'srcupdate', 'destroy']
+
 def validate(uid, arch):
     if uid == 0:
         return True
@@ -32,6 +34,9 @@ def process(cmd, sockfile):
     except:
         return (254, "Internal error")
 
+    if cmd[1] not in valid_cmds:
+        return (254, "Permission denied")
+
     for i in cmd:
         for j in i:
             if not j.isalnum() and not j in "-_.":
author	kris <kris@FreeBSD.org>	2008-07-26 23:34:49 +0800
committer	kris <kris@FreeBSD.org>	2008-07-26 23:34:49 +0800
commit	5ee13b8bf7e1604927a2be29695c79b264be0aa7 (patch)
tree	399c56e1d072fe3e74fbdcef7a704bd1e2cabe8d /Tools/portbuild
parent	254d4ef0b487b4e3aa4bad47e9364950343a4dca (diff)
download	freebsd-ports-gnome-5ee13b8bf7e1604927a2be29695c79b264be0aa7.tar.gz freebsd-ports-gnome-5ee13b8bf7e1604927a2be29695c79b264be0aa7.tar.zst freebsd-ports-gnome-5ee13b8bf7e1604927a2be29695c79b264be0aa7.zip