freebsd-ports/mail/majordomo/files/patch-sec1

--- bounce-remind	Mon Jan  3 14:35:32 2000
+++ bounce-remind.new	Mon Jan  3 14:38:16 2000
@@ -24,10 +24,23 @@
     shift(@ARGV);
     shift(@ARGV);
 }
-if (! -r $cf) {
-    die("$cf not readable; stopped");
+
+if (not sysopen CONFIG,$cf,O_RDONLY)
+{
+  die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : '';
 }
-require "$cf";
+elsif ((stat CONFIG)[4] != $>)
+{
+  die qq|Config file "$cf" not owned by effective UID.\n|;
+}
+elsif (eval(join '',<CONFIG>),$@)
+{
+  die qq|Unable to eval "$cf": $@.\n|;
+}
+else
+{
+  close CONFIG;
+}

 # Go to the home directory specified by the .cf file
 chdir("$homedir");
--- config-test.orig	Wed Aug 27 08:17:13 1997
+++ config-test	Wed Jan  5 01:41:37 2000
@@ -119,10 +119,21 @@
 
 $cf = $ARGV[0] || $ENV{'MAJORDOMO_CF'};
 
-if (eval "require '$cf'") { 
-    &good("'require'd $cf okay.");    
-} else {
-    &bad("something's wrong with $cf: $@");
+if (not sysopen CONFIG,$cf,O_RDONLY)
+{
+  die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : '';
+}
+elsif ((stat CONFIG)[4] != $>)
+{
+  die qq|Config file "$cf" not owned by effective UID.\n|;
+}
+elsif (eval(join '',<CONFIG>),$@)
+{
+  die qq|Unable to eval "$cf": $@.\n|;
+}
+else
+{
+  close CONFIG;
 }
 
 foreach (@requires) {
--- majordomo	Mon Jan  3 13:37:13 2000
+++ majordomo.new	Mon Jan  3 14:15:29 2000
@@ -40,11 +40,23 @@
 	die "Unknown argument $ARGV[0]\n";
     }
 }
-if (! -r $cf) {
-    die("$cf not readable; stopped");
-}

-require "$cf";
+if (not sysopen CONFIG,$cf,O_RDONLY)
+{
+  die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : '';
+}
+elsif ((stat CONFIG)[4] != $>)
+{
+  die qq|Config file "$cf" not owned by effective UID.\n|;
+}
+elsif (eval(join '',<CONFIG>),$@)
+{
+  die qq|Unable to eval "$cf": $@.\n|;
+}
+else
+{
+  close CONFIG;
+}

 # Go to the home directory specified by the .cf file
 chdir("$homedir") || die "chdir to $homedir failed, $!\n";