From 205166c8a8ec174e6241bfa4a2fbd7aed4f3a6fb Mon Sep 17 00:00:00 2001 From: rafan Date: Mon, 18 Sep 2006 14:15:22 +0000 Subject: - Fix race condition and DoS in rc script. These fixes are similar to mail/dkfilter, see ports/103344. PR: ports/103346 Submitted by: Yoshisato YANAGISAWA (maintainer) --- mail/dkimproxy/Makefile | 1 + mail/dkimproxy/files/dkimproxy_in.in | 23 +++++++++++++++++------ mail/dkimproxy/files/dkimproxy_out.in | 23 +++++++++++++++++------ 3 files changed, 35 insertions(+), 12 deletions(-) diff --git a/mail/dkimproxy/Makefile b/mail/dkimproxy/Makefile index 3fb7f61f278e..1d8776d32569 100644 --- a/mail/dkimproxy/Makefile +++ b/mail/dkimproxy/Makefile @@ -7,6 +7,7 @@ PORTNAME= dkimproxy PORTVERSION= 0.13 +PORTREVISION= 1 CATEGORIES= mail MASTER_SITES= http://jason.long.name/dkimproxy/ diff --git a/mail/dkimproxy/files/dkimproxy_in.in b/mail/dkimproxy/files/dkimproxy_in.in index e78554e4d9d3..a41010772f6f 100644 --- a/mail/dkimproxy/files/dkimproxy_in.in +++ b/mail/dkimproxy/files/dkimproxy_in.in @@ -42,19 +42,30 @@ dkimproxy_in_start() logger -t ${name} "Starting ${name}" touch ${dkimproxy_in_pidfile} chown ${dkimproxy_in_user} ${dkimproxy_in_pidfile} - logfile=`mktemp /tmp/${name}.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX` + tmpfile=`mktemp /tmp/${name}.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX` su -m ${dkimproxy_in_user} -c "daemon -c -p ${dkimproxy_in_pidfile} \ %%PREFIX%%/bin/dkimproxy.in ${dkimproxy_in_flags}" \ - > /dev/null 2> ${logfile} - sleep 1 # XXX: wait until dkimproxy start. - logger -t ${name} "`cat ${logfile}`" - err=`grep Error ${logfile}` + > /dev/null 2> ${tmpfile} + # wait until dkimproxy start. + while true + do + filesize=`ls -l ${tmpfile}|awk '{print $5}'` + if [ ${filesize} -gt 0 ]; then + break + fi + done + + logger -t ${name} "`cat ${tmpfile}`" + err=`grep Error ${tmpfile}` if [ "${err}" ]; then echo "Failed to start ${name}." echo "${err}" rm -f ${dkimproxy_in_pidfile} + else + # To prevent DoS attack by dkimproxy_in_user. + chown root:wheel ${dkimproxy_in_pidfile} fi - rm -f ${logfile} + rm -f ${tmpfile} } dkimproxy_in_stop() diff --git a/mail/dkimproxy/files/dkimproxy_out.in b/mail/dkimproxy/files/dkimproxy_out.in index c05aafd7e1dd..110477c2edbb 100644 --- a/mail/dkimproxy/files/dkimproxy_out.in +++ b/mail/dkimproxy/files/dkimproxy_out.in @@ -47,19 +47,30 @@ dkimproxy_out_start() logger -t ${name} "Starting ${name}" touch ${dkimproxy_out_pidfile} chown ${dkimproxy_out_user} ${dkimproxy_out_pidfile} - logfile=`mktemp /tmp/${name}.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX` + tmpfile=`mktemp /tmp/${name}.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX` su -m ${dkimproxy_out_user} -c "daemon -c -p ${dkimproxy_out_pidfile} \ %%PREFIX%%/bin/dkimproxy.out ${dkimproxy_out_flags}" \ - > /dev/null 2> ${logfile} - sleep 1 # XXX: wait until dkimproxy start. - logger -t ${name} "`cat ${logfile}`" - err=`grep Error ${logfile}` + > /dev/null 2> ${tmpfile} + # wait until dkimproxy start. + while true + do + filesize=`ls -l ${tmpfile}|awk '{print $5}'` + if [ ${filesize} -gt 0 ]; then + break + fi + done + + logger -t ${name} "`cat ${tmpfile}`" + err=`grep Error ${tmpfile}` if [ "${err}" ]; then echo "Failed to start ${name}." echo "${err}" rm -f ${dkimproxy_out_pidfile} + else + # To prevent DoS attack by dkimproxy_out_user. + chown root:wheel ${dkimproxy_out_pidfile} fi - rm -f ${logfile} + rm -f ${tmpfile} } dkimproxy_out_stop() -- cgit