freebsd-ports/mail/majordomo/files/patch-sec1
Kris Kennaway 8f9bd2a169 Close holes in perl scripts which allow local users to run arbitrary
commands as the majordomo user.

Submitted by:	Dale Clark <clark@ARSC.EDU>
2000-01-05 09:59:39 +00:00


--- archive2.pl Mon Jan 3 14:35:32 2000
+++ archive2.pl.new Mon Jan 3 14:36:16 2000
@@ -54,10 +54,23 @@
shift(@ARGV);
shift(@ARGV);
}
-if (! -r $cf) {
- die("$cf not readable; stopped");
+
+if (not sysopen CONFIG,$cf,O_RDONLY)
+{
+ die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : '';
}
-require "$cf";
+elsif ((stat CONFIG)[4] != $>)
+{
+ die qq|Config file "$cf" not owned by effective UID.\n|;
+}
+elsif (eval(join '',<CONFIG>),$@)
+{
+ die qq|Unable to eval "$cf": $@.\n|;
+}
+else
+{
+ close CONFIG;
+}
# All these should be in the standard PERL library
unshift(@INC, $homedir);
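Review bot: The owner test `(stat CONFIG)[4] != $>` is the only trust check before the file's contents reach `eval`, and it accepts any file the effective UID owns, including one that is group- or world-writable or is not a regular file. A mode check on the same stat result would close that gap, for example a further branch after the owner test: `elsif (!-f _ or (stat _)[2] & 022) { die qq|Config file "$cf" is not a regular file or is writable by others.\n|; }`. Ownership also does not distinguish a configuration file from other files the majordomo user creates, so restricting `$cf` to a fixed configuration directory would be a stronger check if the callers allow it. The same block is repeated in the bounce-remind, config-test, digest, majordomo, request-answer and resend hunks, and the code that sets `$cf` lies outside this hunk.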
--- bounce-remind Mon Jan 3 14:35:32 2000
+++ bounce-remind.new Mon Jan 3 14:38:16 2000
@@ -24,10 +24,23 @@
shift(@ARGV);
shift(@ARGV);
}
-if (! -r $cf) {
- die("$cf not readable; stopped");
+
+if (not sysopen CONFIG,$cf,O_RDONLY)
+{
+ die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : '';
}
-require "$cf";
+elsif ((stat CONFIG)[4] != $>)
+{
+ die qq|Config file "$cf" not owned by effective UID.\n|;
+}
+elsif (eval(join '',<CONFIG>),$@)
+{
+ die qq|Unable to eval "$cf": $@.\n|;
+}
+else
+{
+ close CONFIG;
+}
# Go to the home directory specified by the .cf file
chdir("$homedir");
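Review bot: The block that replaces `require "$cf"` has no comment explaining why the file is opened before it is checked, and that ordering is what makes the check meaningful. `stat CONFIG` inspects the already-open handle, so the file whose owner is tested is the same file that is read and evaluated. I would add above the `if`: `# Open first and stat the handle, not the path, so the file checked is the file evaluated.` Without it, a later cleanup could plausibly turn this back into a path-based test followed by `require`. The same comment fits the identical blocks in the other hunks.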
--- config-test.orig Wed Aug 27 08:17:13 1997
+++ config-test Wed Jan 5 01:41:37 2000
@@ -119,10 +119,21 @@
$cf = $ARGV[0] || $ENV{'MAJORDOMO_CF'};
-if (eval "require '$cf'") {
- &good("'require'd $cf okay.");
-} else {
- &bad("something's wrong with $cf: $@");
+if (not sysopen CONFIG,$cf,O_RDONLY)
+{
+ die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : '';
+}
+elsif ((stat CONFIG)[4] != $>)
+{
+ die qq|Config file "$cf" not owned by effective UID.\n|;
+}
+elsif (eval(join '',<CONFIG>),$@)
+{
+ die qq|Unable to eval "$cf": $@.\n|;
+}
+else
+{
+ close CONFIG;
}
foreach (@requires) {
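Review bot: The rewritten check in config-test no longer reports through the script's own `&good`/`&bad` helpers: every failure branch calls `die`, and the success branch only closes the handle. The removed lines recorded the outcome either way and appear to have let the script carry on with its remaining tests, so this hunk changes config-test from reporting a bad config to aborting on it. If that is not intended, the failure branches could call `&bad(qq|Unable to eval "$cf": $@|);` in place of `die`, and the `else` branch could add `&good("eval'd $cf okay.");` after `close CONFIG;`. The `foreach` that follows continues outside the hunk.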
--- digest.orig Wed Jan 5 01:44:09 2000
+++ digest Wed Jan 5 01:45:38 2000
@@ -315,7 +315,23 @@
# Read and execute the .cf file
$cf = $opt_c || $ENV{"MAJORDOMO_CF"} ||
"%%PREFIX%%/majordomo/majordomo.cf";
- require "$cf";
+
+if (not sysopen CONFIG,$cf,O_RDONLY)
+{
+ die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : '';
+}
+elsif ((stat CONFIG)[4] != $>)
+{
+ die qq|Config file "$cf" not owned by effective UID.\n|;
+}
+elsif (eval(join '',<CONFIG>),$@)
+{
+ die qq|Unable to eval "$cf": $@.\n|;
+}
+else
+{
+ close CONFIG;
+}
chdir($homedir);
--- majordomo Mon Jan 3 13:37:13 2000
+++ majordomo.new Mon Jan 3 14:15:29 2000
@@ -40,11 +40,23 @@
die "Unknown argument $ARGV[0]\n";
}
}
-if (! -r $cf) {
- die("$cf not readable; stopped");
-}
-require "$cf";
+if (not sysopen CONFIG,$cf,O_RDONLY)
+{
+ die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : '';
+}
+elsif ((stat CONFIG)[4] != $>)
+{
+ die qq|Config file "$cf" not owned by effective UID.\n|;
+}
+elsif (eval(join '',<CONFIG>),$@)
+{
+ die qq|Unable to eval "$cf": $@.\n|;
+}
+else
+{
+ close CONFIG;
+}
# Go to the home directory specified by the .cf file
chdir("$homedir") || die "chdir to $homedir failed, $!\n";
--- request-answer Mon Jan 3 14:35:32 2000
+++ request-answer.new Mon Jan 3 15:09:02 2000
@@ -20,10 +20,23 @@
shift(@ARGV);
shift(@ARGV);
}
-if (! -r $cf) {
- die("$cf not readable; stopped");
+
+if (not sysopen CONFIG,$cf,O_RDONLY)
+{
+ die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : '';
}
-require "$cf";
+elsif ((stat CONFIG)[4] != $>)
+{
+ die qq|Config file "$cf" not owned by effective UID.\n|;
+}
+elsif (eval(join '',<CONFIG>),$@)
+{
+ die qq|Unable to eval "$cf": $@.\n|;
+}
+else
+{
+ close CONFIG;
+}
chdir($homedir) || die("Can't chdir(\"$homedir\"): $!");
unshift(@INC, $homedir);
--- resend Mon Jan 3 15:14:49 2000
+++ resend.new Mon Jan 3 15:16:01 2000
@@ -56,7 +56,7 @@
if ($ARGV[0] =~ /^\@/) {
$fn = shift(@ARGV);
$fn =~ s/^@//;
- open(AV, $fn) || die("open(AV, \"$fn\"): $!\nStopped");
+ sysopen(AV, $fn, O_RDONLY) || die("sysopen(AV, \"$fn\", O_RDONLY): $!\nStopped");
undef($/); # set input field separator
$av = <AV>; # read whole file into string
close(AV);
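Review bot: `O_RDONLY` in the new `sysopen(AV, $fn, O_RDONLY)` call is only a defined constant if the script imports it from Fcntl, and no `use Fcntl` is visible in this or any other hunk of the patch. If the import is indeed absent, Perl treats the name as a bareword string whose numeric value is 0, which matches read-only mode on common systems but would stop compiling under `use strict`. Adding `use Fcntl qw(O_RDONLY);` near the top of each patched script makes the mode explicit; the same applies to every `sysopen CONFIG,$cf,O_RDONLY` in the other hunks. The enclosing `if` block continues past the end of this hunk.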
@@ -84,11 +84,23 @@
# Despite not having a place to send the remains of the body,
# it would be nice to send a message to root or postmaster, at least...
#
-if (! -r $cf) {
- die("$cf not readable; stopped");
-}
-require "$cf";
+if (not sysopen CONFIG,$cf,O_RDONLY)
+{
+ die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : '';
+}
+elsif ((stat CONFIG)[4] != $>)
+{
+ die qq|Config file "$cf" not owned by effective UID.\n|;
+}
+elsif (eval(join '',<CONFIG>),$@)
+{
+ die qq|Unable to eval "$cf": $@.\n|;
+}
+else
+{
+ close CONFIG;
+}
chdir($homedir) || die("Can't chdir(\"$homedir\"): $!");