From 80a6f8941ea98d589695e9cceb4e42014fbb517e Mon Sep 17 00:00:00 2001
From: rafan <rafan@FreeBSD.org>
Date: Mon, 18 Sep 2006 14:12:16 +0000
Subject: - rc scripts have race condition to stop executing at start-up time. 
  This also stops FreeBSD start up.   Ref:
 http://docs.freebsd.org/cgi/mid.cgi?450CA21C.3080407 - There are potential
 DoS attacks by dkfilter_{in,out} program.   They can change their pid file to
 illegally stop any program   when an administrator try to stop them by rc
 script. - pet portlint(1)

PR:		ports/103344
Submitted by:	Yoshisato YANAGISAWA <yanagisawa at csg.is.titech.ac.jp> (maintainer)
---
 mail/dkfilter/Makefile              | 12 ++++++------
 mail/dkfilter/files/dkfilter_in.in  | 13 ++++++++++++-
 mail/dkfilter/files/dkfilter_out.in | 13 ++++++++++++-
 3 files changed, 30 insertions(+), 8 deletions(-)

diff --git a/mail/dkfilter/Makefile b/mail/dkfilter/Makefile
index 7db7db2c8931..455fb4e63d41 100644
--- a/mail/dkfilter/Makefile
+++ b/mail/dkfilter/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	dkfilter
 PORTVERSION=	0.10
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	mail
 MASTER_SITES=	http://jason.long.name/dkfilter/
 
@@ -30,11 +30,11 @@ DKFILTER_USERID?=	325
 DKFILTER_GROUPNAME?=	${DKFILTER_USERNAME}
 DKFILTER_GROUPID?=	${DKFILTER_USERID}
 
-SUB_FILES=      pkg-install pkg-deinstall
-SUB_LIST=       USER=${DKFILTER_USERNAME} \
-                UID=${DKFILTER_USERID} \
-                GROUP=${DKFILTER_GROUPNAME} \
-                GID=${DKFILTER_GROUPID}
+SUB_FILES=	pkg-install pkg-deinstall
+SUB_LIST=	USER=${DKFILTER_USERNAME} \
+		UID=${DKFILTER_USERID} \
+		GROUP=${DKFILTER_GROUPNAME} \
+		GID=${DKFILTER_GROUPID}
 
 .include <bsd.port.pre.mk>
 
diff --git a/mail/dkfilter/files/dkfilter_in.in b/mail/dkfilter/files/dkfilter_in.in
index f52dc9b0ae3c..cb65ea16884b 100644
--- a/mail/dkfilter/files/dkfilter_in.in
+++ b/mail/dkfilter/files/dkfilter_in.in
@@ -42,13 +42,24 @@ dkfilter_in_start()
 	su -m ${dkfilter_in_user} -c "daemon -p ${dkfilter_in_pidfile} \
 		%%PREFIX%%/bin/dkfilter.in ${dkfilter_in_flags}" \
 		> /dev/null 2> ${tmpfile}
-	sleep 1 # XXX: wait until dkfilter start.
+	# wait until dkfilter start.
+	while true
+	do
+		filesize=`ls -l $tmpfile|awk '{print $5}'`
+		if [ ${filesize} -gt 0 ]; then
+			break
+		fi
+	done
+
 	logger -t ${name} `cat ${tmpfile}`
 	err=`grep Error ${tmpfile}`
 	if [ "${err}" ]; then
 		echo "Failed to start ${name}."
 		echo "${err}"
 		rm -f ${dkfilter_in_pidfile}
+	else
+		# To prevent DoS attack by dkfilter_in_user.
+		chown root:wheel ${dkfilter_in_pidfile}
 	fi
 	rm -f ${tmpfile}
 }
diff --git a/mail/dkfilter/files/dkfilter_out.in b/mail/dkfilter/files/dkfilter_out.in
index 9348768fb706..feb4a3f2d021 100644
--- a/mail/dkfilter/files/dkfilter_out.in
+++ b/mail/dkfilter/files/dkfilter_out.in
@@ -48,13 +48,24 @@ dkfilter_out_start()
 	su -m ${dkfilter_out_user} -c "daemon -p ${dkfilter_out_pidfile} \
 		%%PREFIX%%/bin/dkfilter.out ${dkfilter_out_flags}" \
 		> /dev/null 2> ${tmpfile}
-	sleep 1	# XXX: wait until dkfilter start.
+	# wait until dkfilter start.
+	while true
+	do
+		filesize=`ls -l $tmpfile|awk '{print $5}'`
+		if [ ${filesize} -gt 0 ]; then
+			break
+		fi
+	done
+
 	logger -t ${name} `cat ${tmpfile}`
 	err=`grep Error ${tmpfile}`
 	if [ "${err}" ]; then
 		echo "Failed to start ${name}."
 		echo "${err}"
 		rm -f ${dkfilter_out_pidfile}
+	else
+		# To prevent DoS attack by dkfilter_out_user.
+		chown root:wheel ${dkfilter_out_pidfile}
 	fi
 	rm -f ${tmpfile}
 }
-- 
cgit