Date: Mon, 22 Dec 2003 23:56:19 +0100
From: Cyrille Lefevre <cyrille.lefevre@laposte.net>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: Steve Simmons <scs@umich.edu>
Subject: ports/60516: Maintainer update: security/op (security fix)
Message-ID: <20031222225618.GA51044@gits.dyndns.org>
Resent-Message-ID: <200312222300.hBMN0cpu090567@freefall.freebsd.org>
>Number: 60516
>Category: ports
>Synopsis: Maintainer update: security/op (security fix)
>Confidential: no
>Severity: non-critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Mon Dec 22 15:00:38 PST 2003
>Closed-Date:
>Last-Modified:
>Originator: Cyrille Lefevre
>Release: FreeBSD 5.2-BETA i386
>Organization: ACME
>Environment:
System: FreeBSD gits 5.2-BETA FreeBSD 5.2-BETA #0: Fri Dec 5 17:03:48 CET 2003 root@gits:/disk3/freebsd/current/obj/disk3/freebsd/current/src/sys/CUSTOM i386
>Description:
Makefile
    PORTREVISION bumped
    MAINTAINERship given to "Steve Simmons <scs@umich.edu>" as he asks me to implement Kerberos authentication in op.
files/patch-main.c
    setgid added in addition to setgroups.
    also, numeric group-ids are now allowed.
>How-To-Repeat:
n/a
>Fix:
Index: Makefile =================================================================== RCS file: /home/ncvs/ports/security/op/Makefile,v retrieving revision 1.12 diff -u -I$Id.*$ -I$.+BSD.*$ -r1.12 Makefile --- Makefile 15 Oct 2003 13:03:15 -0000 1.12 +++ Makefile 22 Dec 2003 22:52:23 -0000 @@ -7,7 +7,7 @@ PORTNAME= op PORTVERSION= 1.11 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= security MASTER_SITES= ftp://ftp.cerias.purdue.edu/pub/tools/%SUBDIR%/ \ ftp://ftp.rge.com/pub/security/cerias/tools/%SUBDIR%/ \ 
@@ -15,7 +15,7 @@ ftp://ftp.nask.pl/pub/mirror/coast.cs.purdue.edu/%SUBDIR%/ MASTER_SITE_SUBDIR= unix/sysutils/${PORTNAME} -MAINTAINER= cyrille.lefevre@laposte.net +MAINTAINER= Steve Simmons <scs@umich.edu> COMMENT= Allow others to run commands as root (like sudo but different) # Global variables Index: files/patch-main.c =================================================================== RCS file: /home/ncvs/ports/security/op/files/patch-main.c,v retrieving revision 1.2 diff -u -I$Id.*$ -I$.+BSD.*$ -r1.2 patch-main.c --- files/patch-main.c 15 Oct 2003 13:03:16 -0000 1.2 +++ files/patch-main.c 22 Dec 2003 22:33:49 -0000 @@ -1,5 +1,5 @@ ---- main.c.orig Wed Oct 15 05:58:41 2003 -+++ main.c Wed Oct 15 06:02:22 2003 +--- main.c.orig Mon Dec 22 23:26:47 2003 ++++ main.c Mon Dec 22 23:27:23 2003 @@ -9,7 +9,7 @@ /* +-------------------------------------------------------------------+ */ @@ -9,7 +9,15 @@ #include <syslog.h> #include <pwd.h> #include <grp.h> -@@ -170,14 +170,11 @@ +@@ -51,6 +51,7 @@ + extern char *getpass(), *crypt(); + + char *Progname; ++int fatal(char *s, ...); + char *format_cmd(); + char *GetCode(); + cmd_t *Find(); +@@ -170,14 +171,11 @@ return Go(new, num, argc, argv); } @@ -26,7 +34,7 @@ vfprintf(stderr, s, ap); fputc('\n', stderr); va_end(ap); -@@ -448,29 +445,17 @@ +@@ -448,35 +446,28 @@ char *cp, *np; struct passwd *pw; struct group *gr; 
@@ -50,15 +58,29 @@ - } - if ((cp = FindOpt(cmd, "gid")) == NULL) { - ; /* don't have a default */ +- ; /* don't have a default */ ++ if (setgid(0) < 0) ++ fatal("Unable to set gid to default", cp); } else { for (cp=GetField(cp, str); cp!=NULL; cp=GetField(cp, str)) { - if ((gr = getgrnam(cp)) != NULL) + if ((gr = getgrnam(str)) != NULL) gidset[ngroups++] = gr->gr_gid; ++ else ++ gidset[ngroups++] = atoi(str); } if (ngroups == 0) -@@ -533,6 +518,18 @@ +- fatal("Unable to setgid to any group"); ++ fatal("Unable to set gid to any group"); + if (setgroups(ngroups, gidset) < 0) +- fatal("Set group failed"); ++ fatal("Unable to set auxiliary groups"); ++ if (setgid(gidset[0]) < 0) ++ fatal("Unable to set gid to %s", gidset[0]); + } + + if ((cp = FindOpt(cmd, "umask")) == NULL) { +@@ -533,6 +524,17 @@ new_envp[curenv++] = environ[i]; } new_envp[curenv] = NULL; @@ -70,8 +92,7 @@ + if ((pw = getpwnam(cp)) == NULL) { + if (setuid(atoi(cp)) < 0) + fatal("Unable to set uid to %s", cp); -+ } -+ if (setuid(pw->pw_uid) < 0) ++ } else if (setuid(pw->pw_uid) < 0) + fatal("Unable to set uid to %s", cp); + } >Release-Note: >Audit-Trail: >Unformatted:
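Review bot: In the Makefile hunk at @@ -15,7 +15,7 @@, MAINTAINER is set to "Steve Simmons <scs@umich.edu>", but the ports framework expects a bare address in this variable, with no real-name part. Suggest MAINTAINER= scs@umich.edu.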
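Review bot: The prototype added to main.c at @@ -51,6 +51,7 @@, int fatal(char *s, ...), takes the format as a non-const char * and gives the compiler no way to check the variadic arguments against it. Declaring the parameter as const char * and, where the compiler supports it, marking the function printf-like (for GCC, __attribute__((format(printf, 1, 2)))) would flag mismatches such as the fatal("Unable to set gid to %s", gidset[0]) call added later in this patch.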
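Review bot: In the gid hunk (@@ -448,35 +446,28 @@), the new else branch gidset[ngroups++] = atoi(str) turns any name that getgrnam() cannot resolve into gid 0, because atoi() returns 0 for non-numeric input and reports no error. A misspelled group name in the configuration would then run the command with group 0, and the ngroups == 0 check below can no longer fire for a non-empty list. Parse the value with strtoul(), require that the whole string was consumed, and call fatal() otherwise. In the same hunk, fatal("Unable to set gid to %s", gidset[0]) passes an integer gid to %s, which is undefined behaviour in vfprintf on the failure path; use a numeric conversion with a cast instead. fatal("Unable to set gid to default", cp) passes an argument the format never uses. The default branch calls setgid(0) without a matching setgroups(), so the caller's supplementary groups stay in place there.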
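Review bot: In the uid hunk (@@ -533,6 +524,17 @@), setuid(atoi(cp)) is reached whenever getpwnam(cp) fails, and atoi() returns 0 for a non-numeric string, so a user name that does not resolve ends in setuid(0) rather than an error. Validate the numeric form with strtoul() and an end-pointer check, and call fatal() when the value is neither a known user nor a well-formed number. The else placed before setuid(pw->pw_uid) is needed and should stay, since without it pw is dereferenced while NULL on the numeric path.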