The following patch, built upon code and suggestions submitted by Henrik Edlund, Henrik Nordstrom, and Andrew Brown, is intended to render safe the config file requires, in the seven scripts which use them, in the Majordomo 1.94.4 home directory. It also incorporates Todd Miller's patch of Dec. 29. Basically, it replaces each "require $cf" with the following: if (not sysopen CONFIG,$cf,O_RDONLY) { die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : ''; } elsif ((stat CONFIG)[4] != $>) { die qq|Config file "$cf" not owned by effective UID.\n|; } elsif (eval(join '',<CONFIG>),$@) { die qq|Unable to eval "$cf": $@.\n|; } else { close CONFIG; } Use by cd'ing to Majordomo HOME, and issuing "patch < majorodomo-1.94.4.patch". Be sure to "chmod a-x *orig" after. Dale V. Clark clarkat_private Systems Analyst 907-474-5114 Arctic Region Supercomputing Center www.arsc.edu ======================== majordomo-1.94.4.patch ======================== --- archive2.pl Mon Jan 3 14:35:32 2000 +++ archive2.pl.new Mon Jan 3 14:36:16 2000 @@ -54,10 +54,23 @@ shift(@ARGV); shift(@ARGV); } -if (! -r $cf) { - die("$cf not readable; stopped"); + +if (not sysopen CONFIG,$cf,O_RDONLY) +{ + die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : ''; } -require "$cf"; +elsif ((stat CONFIG)[4] != $>) +{ + die qq|Config file "$cf" not owned by effective UID.\n|; +} +elsif (eval(join '',<CONFIG>),$@) +{ + die qq|Unable to eval "$cf": $@.\n|; +} +else +{ + close CONFIG; +} # All these should be in the standard PERL library unshift(@INC, $homedir); --- bounce-remind Mon Jan 3 14:35:32 2000 +++ bounce-remind.new Mon Jan 3 14:38:16 2000 @@ -24,10 +24,23 @@ shift(@ARGV); shift(@ARGV); } -if (! -r $cf) { - die("$cf not readable; stopped"); + +if (not sysopen CONFIG,$cf,O_RDONLY) +{ + die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : ''; } -require "$cf"; +elsif ((stat CONFIG)[4] != $>) +{ + die qq|Config file "$cf" not owned by effective UID.\n|; +} +elsif (eval(join '',<CONFIG>),$@) +{ + die qq|Unable to eval "$cf": $@.\n|; +} +else +{ + close CONFIG; +} # Go to the home directory specified by the .cf file chdir("$homedir"); --- config-test Mon Jan 3 14:35:32 2000 +++ config-test.new Mon Jan 3 14:58:05 2000 @@ -119,10 +119,21 @@ $cf = $ARGV[0] || $ENV{'MAJORDOMO_CF'}; -if (eval "require '$cf'") { - &good("'require'd $cf okay."); -} else { - &bad("something's wrong with $cf: $@"); +if (not sysopen CONFIG,$cf,O_RDONLY) +{ + die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : ''; +} +elsif ((stat CONFIG)[4] != $>) +{ + die qq|Config file "$cf" not owned by effective UID.\n|; +} +elsif (eval(join '',<CONFIG>),$@) +{ + die qq|Unable to eval "$cf": $@.\n|; +} +else +{ + close CONFIG; } foreach (@requires) { --- digest Mon Jan 3 14:35:32 2000 +++ digest.new Mon Jan 3 15:07:34 2000 @@ -315,7 +315,23 @@ # Read and execute the .cf file $cf = $opt_c || $ENV{"MAJORDOMO_CF"} || "/etc/majordomo.cf"; - require "$cf"; + +if (not sysopen CONFIG,$cf,O_RDONLY) +{ + die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : ''; +} +elsif ((stat CONFIG)[4] != $>) +{ + die qq|Config file "$cf" not owned by effective UID.\n|; +} +elsif (eval(join '',<CONFIG>),$@) +{ + die qq|Unable to eval "$cf": $@.\n|; +} +else +{ + close CONFIG; +} chdir($homedir); --- majordomo Mon Jan 3 13:37:13 2000 +++ majordomo.new Mon Jan 3 14:15:29 2000 @@ -40,11 +40,23 @@ die "Unknown argument $ARGV[0]\n"; } } -if (! -r $cf) { - die("$cf not readable; stopped"); -} -require "$cf"; +if (not sysopen CONFIG,$cf,O_RDONLY) +{ + die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : ''; +} +elsif ((stat CONFIG)[4] != $>) +{ + die qq|Config file "$cf" not owned by effective UID.\n|; +} +elsif (eval(join '',<CONFIG>),$@) +{ + die qq|Unable to eval "$cf": $@.\n|; +} +else +{ + close CONFIG; +} # Go to the home directory specified by the .cf file chdir("$homedir") || die "chdir to $homedir failed, $!\n"; --- request-answer Mon Jan 3 14:35:32 2000 +++ request-answer.new Mon Jan 3 15:09:02 2000 @@ -20,10 +20,23 @@ shift(@ARGV); shift(@ARGV); } -if (! -r $cf) { - die("$cf not readable; stopped"); + +if (not sysopen CONFIG,$cf,O_RDONLY) +{ + die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : ''; } -require "$cf"; +elsif ((stat CONFIG)[4] != $>) +{ + die qq|Config file "$cf" not owned by effective UID.\n|; +} +elsif (eval(join '',<CONFIG>),$@) +{ + die qq|Unable to eval "$cf": $@.\n|; +} +else +{ + close CONFIG; +} chdir($homedir) || die("Can't chdir(\"$homedir\"): $!"); unshift(@INC, $homedir); --- resend Mon Jan 3 15:14:49 2000 +++ resend.new Mon Jan 3 15:16:01 2000 @@ -56,7 +56,7 @@ if ($ARGV[0] =~ /^\@/) { $fn = shift(@ARGV); $fn =~ s/^@//; - open(AV, $fn) || die("open(AV, \"$fn\"): $!\nStopped"); + sysopen(AV, $fn, O_RDONLY) || die("sysopen(AV, \"$fn\", O_RDONLY): $!\nStopped"); undef($/); # set input field separator $av = <AV>; # read whole file into string close(AV); @@ -84,11 +84,23 @@ # Despite not having a place to send the remains of the body, # it would be nice to send a message to root or postmaster, at least... # -if (! -r $cf) { - die("$cf not readable; stopped"); -} -require "$cf"; +if (not sysopen CONFIG,$cf,O_RDONLY) +{ + die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : ''; +} +elsif ((stat CONFIG)[4] != $>) +{ + die qq|Config file "$cf" not owned by effective UID.\n|; +} +elsif (eval(join '',<CONFIG>),$@) +{ + die qq|Unable to eval "$cf": $@.\n|; +} +else +{ + close CONFIG; +} chdir($homedir) || die("Can't chdir(\"$homedir\"): $!");
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:25:50 PDT