Make sure that a temporary file has been opened with proper permissions.
This fixes the security problem reported in CVE-2006-5298.
parent
b9d121911f
commit
3684190657
3 changed files with 33 additions and 2 deletions
|
@ -1,6 +1,7 @@
|
|||
# $NetBSD: Makefile,v 1.144 2006/07/14 19:55:56 tron Exp $
|
||||
# $NetBSD: Makefile,v 1.145 2006/11/01 13:32:32 tron Exp $
|
||||
|
||||
DISTNAME= mutt-1.4.2.2i
|
||||
PKGREVISION= 1
|
||||
PKGNAME= ${DISTNAME:C/i$//}
|
||||
CATEGORIES= mail
|
||||
MASTER_SITES= ftp://ftp.mutt.org/mutt/ \
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
$NetBSD: distinfo,v 1.31 2006/07/14 19:55:56 tron Exp $
|
||||
$NetBSD: distinfo,v 1.32 2006/11/01 13:32:32 tron Exp $
|
||||
|
||||
SHA1 (mutt-1.4.2.2i.tar.gz) = 0ee12f734f21186b143fa96a5ea79f72397747fb
|
||||
RMD160 (mutt-1.4.2.2i.tar.gz) = a749c13e9b56b0f3cf09ce5eabae3fd2edce4c0a
|
||||
|
@ -6,6 +6,7 @@ Size (mutt-1.4.2.2i.tar.gz) = 2676306 bytes
|
|||
SHA1 (patch-aa) = 057c11486bb855e321853a106992c8792b75b812
|
||||
SHA1 (patch-ab) = 46518ebcd144bdb19da3f2238455d25544539e23
|
||||
SHA1 (patch-ac) = acfece3438c1cadc43247c590045699be7212ede
|
||||
SHA1 (patch-ad) = e207b279b4b6cf9bd29f5537beedb3f34453b62d
|
||||
SHA1 (patch-ag) = c369b0b5d4855e50a016530f81190b2cbd47cef1
|
||||
SHA1 (patch-ah) = 04549728683b4250a26f6d6c7a212b8d505014d2
|
||||
SHA1 (patch-ai) = 317b736d6b9a896e1ee185cce37a1c2184c02cde
|
||||
|
|
29
mail/mutt/patches/patch-ad
Normal file
|
@ -0,0 +1,29 @@
|
|||
$NetBSD: patch-ad,v 1.8 2006/11/01 13:32:32 tron Exp $
|
||||
|
||||
--- lib.c.orig 2002-04-29 18:12:18.000000000 +0100
|
||||
+++ lib.c 2006-11-01 13:22:51.000000000 +0000
|
||||
@@ -351,8 +351,8 @@
|
||||
struct stat osb, nsb;
|
||||
int fd;
|
||||
|
||||
- if ((fd = open (path, flags, 0600)) < 0)
|
||||
- return fd;
|
||||
+ if ((fd = open (path, flags, S_IRUSR|S_IWUSR)) < 0)
|
||||
+ return (-1);
|
||||
|
||||
/* make sure the file is not symlink */
|
||||
if (lstat (path, &osb) < 0 || fstat (fd, &nsb) < 0 ||
|
||||
@@ -363,6 +363,13 @@
|
||||
return (-1);
|
||||
}
|
||||
|
||||
+ /* Make sure the file is owned by us and has save permissions. */
|
||||
+ if (nsb.st_uid != geteuid() ||
|
||||
+ (nsb.st_mode & (S_IRWXG|S_IRWXO)) != 0) {
|
||||
+ close (fd);
|
||||
+ return (-1);
|
||||
+ }
|
||||
+
|
||||
return (fd);
|
||||
}
|
||||
|
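Review bot: The ownership and mode test added just before `return (fd);` runs only after `open (path, flags, S_IRUSR|S_IWUSR)` has already succeeded with the caller's `flags`, so it can reject a file that was not created by this call but cannot undo anything the open itself did to it; nothing in these hunks requires `O_EXCL`. The function begins above the first hunk, so whether `flags` is constrained elsewhere is not visible here; if it is not, the contract belongs next to the check, e.g. `/* Rejects a foreign or over-permissive file after the fact; callers creating temporaries must still pass O_CREAT|O_EXCL. */`. The new failure path also returns -1 without setting `errno`, so a caller that reports the failure would presumably print a stale value; adding `errno = EACCES;` before that `return (-1);` would make the error meaningful, assuming `<errno.h>` is already included in lib.c. The added comment reads "save permissions" where "safe permissions" is meant.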