From owner-freebsd-ports Mon Jul 26 18: 0: 4 1999
Delivered-To: freebsd-ports@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 663E01519A for ; Mon, 26 Jul 1999 18:00:01 -0700 (PDT) (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id SAA49774; Mon, 26 Jul 1999 18:00:01 -0700 (PDT) (envelope-from gnats@FreeBSD.org)
Received: from neptune.psn.net (neptune.psn.net [207.211.58.16]) by hub.freebsd.org (Postfix) with ESMTP id 7DF5F15172 for ; Mon, 26 Jul 1999 17:58:04 -0700 (PDT) (envelope-from will@shadow.blackdawn.com)
Received: from 5042-243.008.popsite.net ([209.224.140.243] helo=shadow.blackdawn.com) by neptune.psn.net with esmtp (PSN Internet Service 2.12 #3) for FreeBSD-gnats-submit@freebsd.org id 117aHw-00075i-00; Fri, 23 Jul 1999 01:02:41 -0700
Received: (from will@localhost) by shadow.blackdawn.com (8.9.3/8.9.2) id EAA60812; Fri, 23 Jul 1999 04:02:32 -0400 (EDT) (envelope-from will)
Message-Id: <199907230802.EAA60812@shadow.blackdawn.com>
Date: Fri, 23 Jul 1999 04:02:32 -0400 (EDT)
From: Will Andrews
Reply-To: Will Andrews
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: ports/12827: fix port: editors/joe
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 12827
>Category: ports
>Synopsis: fix port editors/joe
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Mon Jul 26 18:00:01 PDT 1999
>Closed-Date:
>Last-Modified:
>Originator: Will Andrews
>Release: FreeBSD 3.2-STABLE i386
>Organization: none
>Environment:
FreeBSD shadow.blackdawn.com 3.2-STABLE FreeBSD 3.2-STABLE #0: Wed Jun 23 12:45:46 EDT 1999 root@shadow.blackdawn.com:/usr/src/sys/compile/SHADOW i386
>Description:
This report was sent in by Trevor Johnson, along with a nice fix which I have tested on FreeBSD to make sure it works. When joe is abnormally aborted, its DEADJOE file is world readable. This can be a substantial security problem for editing files that are usually only supposed to be readable by root - such as /etc/master.passwd.
>How-To-Repeat:
Start up joe like usual. Then kill -HUP it. It will create a DEADJOE file that is world readable, regardless of umask settings.
>Fix:
diff -urN joe/patches/patch-ad joe.new/patches/patch-ad --- joe/patches/patch-ad Wed Dec 31 19:00:00 1969 +++ joe.new/patches/patch-ad Fri Jul 23 03:53:40 1999 
@@ -0,0 +1,18 @@ +--- b.c Fri Jan 20 03:38:25 1995 ++++ b.c.new Fri Jul 23 03:36:10 1999 +@@ -21,6 +21,7 @@ + #include + #endif + #include ++#include + + #include "config.h" + #include "blocks.h" +@@ -1990,6 +1991,7 @@ + { + long tim=time(0); + B *b; ++ mode_t mask=umask(077); /* no access to DEADJOE for others */ + FILE *f=fopen("DEADJOE","a"); + fprintf(f,"\n*** Modified files in JOE when it aborted on %s",ctime(&tim)); + if(sig) fprintf(f,"*** JOE was aborted by signal %d\n",sig);
>Release-Note:
>Audit-Trail:
>Unformatted:
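
Review bot: in the b.c hunk at line 1991, umask(077) only takes effect if fopen("DEADJOE","a") creates the file; a DEADJOE left in the directory by an earlier abort is appended to with its existing mode and stays world readable. Consider open() with O_CREAT|O_APPEND and mode 0600 followed by fchmod(fd, 0600) and fdopen(), which covers both the new-file and existing-file cases. The saved value in mask is not used in the lines shown, so check that the rest of the function calls umask(mask) before returning, and note that f is passed to fprintf() without a NULL check on the fopen() result.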
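
The file-permission problem described in the report, as an added example that is not part of the original message or of joe's source: it appends to a stale world-readable file once with umask() plus fopen() and once with open() plus fchmod(), and returns the resulting mode each time. The helper names, the sample line and the /tmp path are assumptions made for the demo.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not a joe function): open path for append so that only
 * the owner can access it, whether or not it already exists. NULL on failure. */
FILE *open_private_append(const char *path)
{
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0) return NULL;
    /* The mode argument and umask apply only at creation: tighten an old file too. */
    if (fchmod(fd, 0600) != 0) { close(fd); return NULL; }
    FILE *f = fdopen(fd, "a");
    if (f == NULL) close(fd);
    return f;
}

/* Create a stale 0644 file (constructed stand-in for an old DEADJOE), append
 * to it with the chosen method, and return the file's resulting mode bits. */
int mode_after_append(int use_private_open)
{
    char path[] = "/tmp/deadjoe-demo-XXXXXX";   /* assumed scratch location */
    struct stat st;
    int mode = -1, fd = mkstemp(path);
    FILE *f;
    if (fd < 0) return -1;
    fchmod(fd, 0644);
    close(fd);
    if (use_private_open) {
        f = open_private_append(path);
    } else {
        mode_t old = umask(077);   /* restrict the creation mask before fopen() */
        f = fopen(path, "a");
        umask(old);                /* put the caller's umask back */
    }
    if (f != NULL) {
        fputs("*** constructed sample line\n", f);
        fclose(f);
        if (stat(path, &st) == 0) mode = st.st_mode & 0777;
    }
    unlink(path);
    return mode;
}

int main(void) { printf("%o %o\n", mode_after_append(0), mode_after_append(1)); return 0; }
```
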