--- archive2.pl Mon Jan 3 14:35:32 2000 +++ archive2.pl.new Mon Jan 3 14:36:16 2000 @@ -54,10 +54,23 @@ shift(@ARGV); shift(@ARGV); } -if (! -r $cf) { - die("$cf not readable; stopped"); + +if (not sysopen CONFIG,$cf,O_RDONLY) +{ + die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : ''; } -require "$cf"; +elsif ((stat CONFIG)[4] != $>) +{ + die qq|Config file "$cf" not owned by effective UID.\n|; +} +elsif (eval(join '',),$@) +{ + die qq|Unable to eval "$cf": $@.\n|; +} +else +{ + close CONFIG; +} # All these should be in the standard PERL library unshift(@INC, $homedir); --- bounce-remind Mon Jan 3 14:35:32 2000 +++ bounce-remind.new Mon Jan 3 14:38:16 2000 @@ -24,10 +24,23 @@ shift(@ARGV); shift(@ARGV); } -if (! -r $cf) { - die("$cf not readable; stopped"); + +if (not sysopen CONFIG,$cf,O_RDONLY) +{ + die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : ''; } -require "$cf"; +elsif ((stat CONFIG)[4] != $>) +{ + die qq|Config file "$cf" not owned by effective UID.\n|; +} +elsif (eval(join '',),$@) +{ + die qq|Unable to eval "$cf": $@.\n|; +} +else +{ + close CONFIG; +} # Go to the home directory specified by the .cf file chdir("$homedir"); --- config-test.orig Wed Aug 27 08:17:13 1997 +++ config-test Wed Jan 5 01:41:37 2000 @@ -119,10 +119,21 @@ $cf = $ARGV[0] || $ENV{'MAJORDOMO_CF'}; -if (eval "require '$cf'") { - &good("'require'd $cf okay."); -} else { - &bad("something's wrong with $cf: $@"); +if (not sysopen CONFIG,$cf,O_RDONLY) +{ + die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : ''; +} +elsif ((stat CONFIG)[4] != $>) +{ + die qq|Config file "$cf" not owned by effective UID.\n|; +} +elsif (eval(join '',),$@) +{ + die qq|Unable to eval "$cf": $@.\n|; +} +else +{ + close CONFIG; } foreach (@requires) { --- digest.orig Wed Jan 5 01:44:09 2000 +++ digest Wed Jan 5 01:45:38 2000 @@ -315,7 +315,23 @@ # Read and execute the .cf file $cf = $opt_c || $ENV{"MAJORDOMO_CF"} || "%%PREFIX%%/majordomo/majordomo.cf"; - require "$cf"; + +if (not sysopen CONFIG,$cf,O_RDONLY) +{ + die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : ''; +} +elsif ((stat CONFIG)[4] != $>) +{ + die qq|Config file "$cf" not owned by effective UID.\n|; +} +elsif (eval(join '',),$@) +{ + die qq|Unable to eval "$cf": $@.\n|; +} +else +{ + close CONFIG; +} chdir($homedir); --- majordomo Mon Jan 3 13:37:13 2000 +++ majordomo.new Mon Jan 3 14:15:29 2000 @@ -40,11 +40,23 @@ die "Unknown argument $ARGV[0]\n"; } } -if (! -r $cf) { - die("$cf not readable; stopped"); -} -require "$cf"; +if (not sysopen CONFIG,$cf,O_RDONLY) +{ + die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : ''; +} +elsif ((stat CONFIG)[4] != $>) +{ + die qq|Config file "$cf" not owned by effective UID.\n|; +} +elsif (eval(join '',),$@) +{ + die qq|Unable to eval "$cf": $@.\n|; +} +else +{ + close CONFIG; +} # Go to the home directory specified by the .cf file chdir("$homedir") || die "chdir to $homedir failed, $!\n"; --- request-answer Mon Jan 3 14:35:32 2000 +++ request-answer.new Mon Jan 3 15:09:02 2000 @@ -20,10 +20,23 @@ shift(@ARGV); shift(@ARGV); } -if (! -r $cf) { - die("$cf not readable; stopped"); + +if (not sysopen CONFIG,$cf,O_RDONLY) +{ + die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : ''; } -require "$cf"; +elsif ((stat CONFIG)[4] != $>) +{ + die qq|Config file "$cf" not owned by effective UID.\n|; +} +elsif (eval(join '',),$@) +{ + die qq|Unable to eval "$cf": $@.\n|; +} +else +{ + close CONFIG; +} chdir($homedir) || die("Can't chdir(\"$homedir\"): $!"); unshift(@INC, $homedir); --- resend Mon Jan 3 15:14:49 2000 +++ resend.new Mon Jan 3 15:16:01 2000 @@ -56,7 +56,7 @@ if ($ARGV[0] =~ /^\@/) { $fn = shift(@ARGV); $fn =~ s/^@//; - open(AV, $fn) || die("open(AV, \"$fn\"): $!\nStopped"); + sysopen(AV, $fn, O_RDONLY) || die("sysopen(AV, \"$fn\", O_RDONLY): $!\nStopped"); undef($/); # set input field separator $av = ; # read whole file into string close(AV); @@ -84,11 +84,23 @@ # Despite not having a place to send the remains of the body, # it would be nice to send a message to root or postmaster, at least... # -if (! -r $cf) { - die("$cf not readable; stopped"); -} -require "$cf"; +if (not sysopen CONFIG,$cf,O_RDONLY) +{ + die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : ''; +} +elsif ((stat CONFIG)[4] != $>) +{ + die qq|Config file "$cf" not owned by effective UID.\n|; +} +elsif (eval(join '',),$@) +{ + die qq|Unable to eval "$cf": $@.\n|; +} +else +{ + close CONFIG; +} chdir($homedir) || die("Can't chdir(\"$homedir\"): $!");