Date: Tue, 9 Sep 2003 01:56:15 +0200 From: Cyrille Lefevre <cyrille.lefevre@laposte.net> To: FreeBSD-gnats-submit@FreeBSD.org Cc: cyrill@econ.krasnoyarsk.su Subject: ports/56614: Maintainer update: security/op (1.11) -- security fix Message-ID: <20030908235613.GA25464@gits.dyndns.org> Resent-Message-ID: <200309090000.h8900MsR032315@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 56614 >Category: ports >Synopsis: Maintainer update: security/op (1.11) -- security fix >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Mon Sep 08 17:00:22 PDT 2003 >Closed-Date: >Last-Modified: >Originator: Cyrille Lefevre >Release: FreeBSD 5.1-BETA i386 >Organization: ACME >Environment: System: FreeBSD gits 5.1-BETA FreeBSD 5.1-BETA #1: Sat May 31 04:26:14 CEST 2003 root@gits:/disk3/freebsd/current/obj/disk3/freebsd/current/src/sys/CUSTOM i386 >Description: Makefile PORTREVISION bumped PLIST_SUB added (CONF_DIR) NOPORTSDOC -> NOPORTDOCS pkg-plist etc -> %%CONF_DIR%% share/doc/op -> %%DOCSDIR%% files/patch-main.c setuid misplaced (security fix) thx to cyrill@econ.krasnoyarsk.su for submitting this patch. >How-To-Repeat: n/a >Fix: take care, this patch is in two parts, the first one is a diff against /dev/null and the second one a cvs diff. --- /dev/null Tue Sep 9 01:35:58 2003 +++ files/patch-main.c Tue Sep 9 01:29:45 2003 @@ -0,0 +1,53 @@ +--- main.c.orig Tue Sep 9 01:24:31 2003 ++++ main.c Tue Sep 9 01:29:26 2003 +@@ -448,29 +448,17 @@ + char *cp, *np; + struct passwd *pw; + struct group *gr; +- int ngroups, gidset[256]; ++ int ngroups = 0, gidset[256]; + int curenv = 0, curarg = 0; + char *new_envp[MAXENV]; + char *new_argv[MAXARG]; + char str[MAXSTRLEN], buf[4*MAXSTRLEN]; + +- if ((cp = FindOpt(cmd, "uid")) == NULL) { +- if (setuid(0) < 0) +- fatal("Unable to set uid to default", cp); +- } else { +- if ((pw = getpwnam(cp)) == NULL) { +- if (setuid(atoi(cp)) < 0) +- fatal("Unable to set uid to %s", cp); +- } +- if (setuid(pw->pw_uid) < 0) +- fatal("Unable to set uid to %s", cp); +- } +- + if ((cp = FindOpt(cmd, "gid")) == NULL) { + ; /* don't have a default */ + } else { + for (cp=GetField(cp, str); cp!=NULL; cp=GetField(cp, str)) { +- if ((gr = getgrnam(cp)) != NULL) ++ if ((gr = getgrnam(str)) != NULL) + gidset[ngroups++] = gr->gr_gid; + } + if (ngroups == 0) +@@ -533,6 +521,18 @@ + new_envp[curenv++] = environ[i]; + } + new_envp[curenv] = NULL; ++ ++ if ((cp = FindOpt(cmd, "uid")) == NULL) { ++ if (setuid(0) < 0) ++ fatal("Unable to set uid to default", cp); ++ } else { ++ if ((pw = getpwnam(cp)) == NULL) { ++ if (setuid(atoi(cp)) < 0) ++ fatal("Unable to set uid to %s", cp); ++ } ++ if (setuid(pw->pw_uid) < 0) ++ fatal("Unable to set uid to %s", cp); ++ } + + if (strcmp("MAGIC_SHELL", cmd->args[0]) == 0) { + for (i = 0; environ[i] != NULL; i++) Index: Makefile =================================================================== RCS file: /home/ncvs/ports/security/op/Makefile,v retrieving revision 1.9 diff -u -I$Id.*$ -I$.+BSD.*$ -r1.9 Makefile --- Makefile 21 Feb 2003 13:26:48 -0000 1.9 +++ Makefile 8 Sep 2003 23:34:23 -0000 @@ -7,6 +7,7 @@ PORTNAME= op PORTVERSION= 1.11 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= ftp://ftp.cerias.purdue.edu/pub/tools/%SUBDIR%/ \ ftp://ftp.rge.com/pub/security/cerias/tools/%SUBDIR%/ \ @@ -29,6 +30,8 @@ MANOWN=${MANOWN} MANGRP=${MANGRP} MANMODE=${MANMODE} ALL_TARGET= ${PORTNAME} +PLIST_SUB= CONF_DIR="${CONF_DIR:S,^${PREFIX}/,,}" + MAN8= op.8 PKGDEINSTALL= ${PKGINSTALL} @@ -82,7 +85,7 @@ ${PKGINSTALL} ${PKGNAME} POST-INSTALL install-doc-files: -.if !defined(NOPORTSDOC) +.if !defined(NOPORTDOCS) @${MKDIR} ${DOCSDIR} .for file in ${DOC_FILES} @${INSTALL_DATA} ${WRKSRC}/${file} ${DOCSDIR}/${file} Index: pkg-plist =================================================================== RCS file: /home/ncvs/ports/security/op/pkg-plist,v retrieving revision 1.3 diff -u -I$Id.*$ -I$.+BSD.*$ -r1.3 pkg-plist --- pkg-plist 21 Aug 2001 15:29:13 -0000 1.3 +++ pkg-plist 30 Jul 2003 20:53:30 -0000 @@ -1,6 +1,6 @@ -@comment $FreeBSD: ports/security/op/pkg-plist,v 1.2 2001/04/10 10:52:20 lioux Exp $ +@comment $FreeBSD: ports/security/op/pkg-plist,v 1.3 2001/08/21 15:29:13 brian Exp $ bin/op -etc/op.access.sample -%%PORTDOCS%%share/doc/op/README -%%PORTDOCS%%share/doc/op/op.paper -%%PORTDOCS%%@dirrm share/doc/op +%%CONF_DIR%%/op.access.sample +%%PORTDOCS%%%%DOCSDIR%%/README +%%PORTDOCS%%%%DOCSDIR%%/op.paper +%%PORTDOCS%%@dirrm %%DOCSDIR%% >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030908235613.GA25464>