Date: Wed, 15 Jan 2003 02:22:44 +0100 (CET)
From: Matthias Andree <matthias.andree@web.de>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: tom@FreeBSD.org
Subject: ports/47091: security update port: mail/ezmlm-idx
Message-ID: <200301150122.h0F1MihZ008279@libertas.emma.line.org>
>Number:         47091
>Category:       ports
>Synopsis:       security update port: mail/ezmlm-idx
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jan 14 17:50:01 PST 2003
>Closed-Date:
>Last-Modified:
>Originator:     Matthias Andree
>Release:        FreeBSD 4.7-STABLE i386
>Organization:
>Environment:
System: FreeBSD libertas.emma.line.org 4.7-STABLE FreeBSD 4.7-STABLE #11: Wed Jan 8 01:47:45 CET 2003 toor@libertas.emma.line.org:/usr/src/sys/compile/LIBERTAS i386
>Description:
This patch bumps the portversion to 0.40_2, makes the pre-patch section quiet and includes the security patch that Fred Lindberg himself posted to Bugtraq on 2000-12-06. See http://cert.uni-stuttgart.de/archive/bugtraq/2000/12/msg00138.html It fixes a security problem with ezmlm-cgi when run set-uid to a user who is unprivileged.
>How-To-Repeat:
>Fix:
diff -Nur /usr/ports/mail/ezmlm-idx/Makefile ezmlm-idx/Makefile --- /usr/ports/mail/ezmlm-idx/Makefile Sun Jan 5 06:00:40 2003 +++ ezmlm-idx/Makefile Wed Jan 15 02:02:42 2003 @@ -7,7 +7,7 @@ PORTNAME= ezmlm-idx PORTVERSION= 0.40 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= mail MASTER_SITES= ftp://ftp.ezmlm.org/pub/patches/ \ ftp://ftp.rivertown.net/pub/ezmlm/ \ @@ -80,7 +80,7 @@ pre-patch: @${MV} -f ${WRKDIR}/ezmlm-idx-${PORTVERSION}/* ${WRKSRC} - @cd ${WRKSRC} && ${PATCH} < idx.patch + @cd ${WRKSRC} && ${PATCH} ${PATCH_ARGS} < idx.patch post-patch: @${ECHO_CMD} ${PREFIX}/bin > ${WRKSRC}/conf-bin diff -Nur /usr/ports/mail/ezmlm-idx/files/patch-security-ezmlm-cgi ezmlm-idx/files/patch-security-ezmlm-cgi --- /usr/ports/mail/ezmlm-idx/files/patch-security-ezmlm-cgi Thu Jan 1 01:00:00 1970 +++ ezmlm-idx/files/patch-security-ezmlm-cgi Wed Jan 15 00:57:00 2003 
@@ -0,0 +1,119 @@ +--- ezmlm-cgi.c.orig Thu Dec 7 13:26:45 2000 ++++ ezmlm-cgi.c Thu Dec 7 13:36:30 2000 +@@ -805,31 +805,8 @@ + if ((flagspecial & SPC_BANNER) && banner && *banner) { + oputs("<DIV class=banner>\n"); + if (*banner == '<') oputs(banner); +- else { +- substdio_flush(&ssout); +- sig_pipeignore(); +- bannerargs[0] = banner; +- bannerargs[1] = host; +- bannerargs[2] = local; +- bannerargs[3] = 0; +- /* We log errors but just complete the page anyway, since we're */ +- /* already committed to output something. */ +- switch(child = fork()) { +- case -1: +- strerr_warn3(FATAL,ERR_FORK,"banner program: ",&strerr_sys); +- break; +- case 0: +- execv(*bannerargs,bannerargs); +- strerr_die3x(100,FATAL,ERR_EXECUTE,"banner program: "); +- break; +- } +- /* parent */ +- wait_pid(&wstat,child); +- if (wait_crashed(wstat)) +- strerr_warn2(FATAL,ERR_CHILD_CRASHED,(struct strerr *) 0); +- if (wait_exitcode(wstat)) +- strerr_warn2(FATAL,ERR_CHILD_UNKNOWN,(struct strerr *) 0); +- } ++ else ++ strerr_die2x(100,FATAL,"Sorry - banner programs not supported"); + oputs("</DIV>\n"); + } + oputs("</BODY>\n</HTML>\n"); +--- ezmlm-cgi.1.orig Thu Dec 7 13:40:43 2000 ++++ ezmlm-cgi.1 Thu Dec 7 13:56:44 2000 +@@ -234,16 +234,21 @@ + to avoid trapping robots in the archive. + .SH EXECUTION + .B ezmlm-cgi +-can operate in three modes, +-.IR SUID\ root , +-.IR SUID\ user , ++can operate in two modes, ++.I SUID\ root + and + .IR normal . ++.B ezmlm-cgi ++should not be installed SUID ++.I user ++other than root. ++Please see the ++.B SECURITY ++section before installing SUID ++.IR root . + + In + .I normal +-and +-.I SUID user + mode, + .B ezmlm-cgi + will read the configuration file +@@ -255,9 +260,7 @@ + .B ezmlm-cgi + is in), then + change directory to the list directory. ``uid'' is ignored. +-.I SUID user +-may be required to read the particular archive if it is not owned by the +-httpd user. 
For user installations or systems where ++For user installations or systems where + the httpd user has access to all the lists, + .I normal + mode usually gives sufficient access. +@@ -277,22 +280,10 @@ + directory is not, it is safest to leave ``uid'' blank. The httpd user will still + be able to read the files. + .SH "EXECUTION OF BANNER PROGRAMS" +-A banner program can be specified in the config file. It is executed +-immediately before the end of the text. The formatting for +-``<BODY>'' is active and the banner program output is encapsulated in +-a ``<DIV class=banner>'' segment to allow additional formatting. +-The banner program is called for all summary views, but not for the message +-view itself. +- +-The banner program is give the list local name as argument 1, and the host +-name as argument 2. It is expected to exit 0 on success. The return code is +-checked, but the archive page (and whatever the banner program has already +-produced) is output even if the banner program fails. +- +-.B chroot(3) +-may make it difficult to run banner programs that depend on e.g. ``sh'' +-or ``perl''. For this reason, the chroot call can be suppressed by prefixing +-the ``uid'' with a ``-''. ++.B ezmlm-cgi ++supports display of banners, but not execution of banner programs. To ++obtain dynamic banners, use a URL that points to a banner program elsewhere. ++ + .SH SECURITY + .B ezmlm-cgi + will refuse to run as root. +@@ -308,14 +299,8 @@ + list directories and archives). + + .B ezmlm-cgi +-will allow execution of banner programs that are located outside of the list +-directory. These are executed with the privileges of the userid set in the +-config file. If the program is installed SUID root, banner programs outside +-of the list directory are not normally accessible. Even when this is overridden, +-.B ezmlm-cgi +-will never execute the program with root permissions. ++will not allow execution of banner programs. 
+ +-Input to the CGI script is not propagated to the banner program. + .SH BUGS + .B ezmlm-send(1) + updates the list message counter once a message is safely archived, but
>Release-Note:
>Audit-Trail:
>Unformatted:
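Review bot: in the Makefile pre-patch hunk (`@@ -80,7 +80,7 @@`) the `cd ${WRKSRC} &&` kept in front of `${PATCH} ${PATCH_ARGS} < idx.patch` is probably redundant once PATCH_ARGS is passed, because PATCH_ARGS in bsd.port.mk already carries a `-d` directory argument pointing at the work source tree together with the strip and quiet flags; what still needs the cd is only the `< idx.patch` redirection. Either keep the cd and say so in a comment, or use `< ${WRKSRC}/idx.patch` and drop the cd so the line reads the same way as the framework's own patch invocations. Routing the "quiet" change through PATCH_ARGS rather than hard-coding `-s` is the right idiom, since it stays verbose when PATCH_DEBUG is set.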
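Review bot: in the ezmlm-cgi.c hunk (`@@ -805,31 +805,8 @@`) the new `strerr_die2x(100,FATAL,"Sorry - banner programs not supported")` is reached only after `oputs("<DIV class=banner>\n")` has been queued, and the removed code's own comment says the program is "already committed to output something" at this point; dying with 100 here leaves ssout unflushed, so a config file that still names a banner program produces a truncated page for the visitor and a line in the httpd error log. The cleaner place to refuse a banner value that does not start with `<` is where the config file is read, before any output, so the misconfiguration is caught up front on every request; if the check must stay here, flush ssout and put the complaint inside the DIV with oputs before exiting. Refusing to exec at all (rather than the old warn-and-continue) is the intended fix and should stay. Also, `child`, `wstat` and `bannerargs` lose their only uses in this function; their declarations are outside the hunk, so if they are local to this function expect unused-variable warnings unless they are removed as well. One ports-convention point on the same file: files/patch-security-ezmlm-cgi bundles changes to ezmlm-cgi.c and ezmlm-cgi.1; the usual layout is one patch file per patched source file (patch-ezmlm-cgi.c and patch-ezmlm-cgi.1).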
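Review bot: the sentence added in the ezmlm-cgi.1 EXECUTION hunk (`@@ -234,16 +234,21 @@`), `should not be installed SUID` / `.I user` / `other than root.`, reads awkwardly now that `SUID user` is no longer a named mode; suggest `should not be installed SUID to any user other than root.` The cross-reference to the SECURITY section before installing SUID root is good and should stay. The following `In` / `.I normal` / `mode,` paragraph is consistent now that `and SUID user` is gone.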
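Review bot: the section header `.SH "EXECUTION OF BANNER PROGRAMS"` is kept unchanged in the hunk `@@ -277,22 +280,10 @@` while the body below it now says execution of banner programs is not supported; rename the section (for example `.SH BANNERS`) or fold the two remaining sentences into the description of the banner option in the config file. The same hunk adds a stray empty line (`++`) right before `.SH SECURITY`, which nroff renders as an extra paragraph break; drop it. The removed paragraph was also the only place documenting the leading `-` on ``uid'' that suppresses the chroot call; if the C code still parses that prefix, it needs to stay documented (the SECURITY section is the natural place), and if it was only there for banner programs, remove the parsing along with the documentation.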