From 4e0429d90d386ff9153908be9b8f44b59bfe5820 Mon Sep 17 00:00:00 2001 From: "Sergey A. Osokin" Date: Tue, 9 Sep 2003 15:52:56 +0000 Subject: [PATCH] Security update with following changes: Makefile: PLIST_SUB added (CONF_DIR), fix ${NOPORTDOCS}, bump ${PORTREVISION} pkg-plist: etc -> %%CONF_DIR%%, utilize ${DOCSDIR} Setuid misplaced (security fix) for main.c Thanks to cyrill@econ.krasnoyarsk.su for submitting this patch. Also makes portlint happy. Submitted by: Clement Laforet (maintainer) PR: 56614 --- security/op/Makefile | 11 ++++--- security/op/files/patch-main.c | 53 ++++++++++++++++++++++++++++++++++ security/op/pkg-plist | 8 ++--- 3 files changed, 64 insertions(+), 8 deletions(-) create mode 100644 security/op/files/patch-main.c diff --git a/security/op/Makefile b/security/op/Makefile index 727545de97f4..829ea1013598 100644 --- a/security/op/Makefile +++ b/security/op/Makefile @@ -7,10 +7,11 @@ PORTNAME= op PORTVERSION= 1.11 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= ftp://ftp.cerias.purdue.edu/pub/tools/%SUBDIR%/ \ ftp://ftp.rge.com/pub/security/cerias/tools/%SUBDIR%/ \ - ftp://ftp.hacktic.nl/pub/security/coast.cs.purdue.edu/%SUBDIR%/ \ + ftp://ftp.hacktic.nl/pub/security/coast.cs.purdue.edu/%SUBDIR%/ \ ftp://ftp.nask.pl/pub/mirror/coast.cs.purdue.edu/%SUBDIR%/ MASTER_SITE_SUBDIR= unix/sysutils/${PORTNAME} @@ -29,6 +30,8 @@ MAKE_ARGS= BASE="${PREFIX}" \ MANOWN=${MANOWN} MANGRP=${MANGRP} MANMODE=${MANMODE} ALL_TARGET= ${PORTNAME} +PLIST_SUB= CONF_DIR="${CONF_DIR:S,^${PREFIX}/,,}" + MAN8= op.8 PKGDEINSTALL= ${PKGINSTALL} @@ -82,10 +85,10 @@ install-conf-file: ${PKGINSTALL} ${PKGNAME} POST-INSTALL install-doc-files: -.if !defined(NOPORTSDOC) +.if !defined(NOPORTDOCS) @${MKDIR} ${DOCSDIR} -.for file in ${DOC_FILES} - @${INSTALL_DATA} ${WRKSRC}/${file} ${DOCSDIR}/${file} +.for f in ${DOC_FILES} + @${INSTALL_DATA} ${WRKSRC}/${f} ${DOCSDIR} .endfor .endif 
diff --git a/security/op/files/patch-main.c b/security/op/files/patch-main.c
new file mode 100644
index 000000000000..293434234e76
--- /dev/null
+++ b/security/op/files/patch-main.c
@@ -0,0 +1,53 @@
+--- main.c.orig Tue Sep 9 01:24:31 2003
++++ main.c Tue Sep 9 01:29:26 2003
+@@ -448,29 +448,17 @@
+ char *cp, *np;
+ struct passwd *pw;
+ struct group *gr;
+- int ngroups, gidset[256];
++ int ngroups = 0, gidset[256];
+ int curenv = 0, curarg = 0;
+ char *new_envp[MAXENV];
+ char *new_argv[MAXARG];
+ char str[MAXSTRLEN], buf[4*MAXSTRLEN];
+
+- if ((cp = FindOpt(cmd, "uid")) == NULL) {
+- if (setuid(0) < 0)
+- fatal("Unable to set uid to default", cp);
+- } else {
+- if ((pw = getpwnam(cp)) == NULL) {
+- if (setuid(atoi(cp)) < 0)
+- fatal("Unable to set uid to %s", cp);
+- }
+- if (setuid(pw->pw_uid) < 0)
+- fatal("Unable to set uid to %s", cp);
+- }
+-
+ if ((cp = FindOpt(cmd, "gid")) == NULL) {
+ ; /* don't have a default */
+ } else {
+ for (cp=GetField(cp, str); cp!=NULL; cp=GetField(cp, str)) {
+- if ((gr = getgrnam(cp)) != NULL)
++ if ((gr = getgrnam(str)) != NULL)
+ gidset[ngroups++] = gr->gr_gid;
+ }
+ if (ngroups == 0)
+@@ -533,6 +521,18 @@
+ new_envp[curenv++] = environ[i];
+ }
+ new_envp[curenv] = NULL;
++
++ if ((cp = FindOpt(cmd, "uid")) == NULL) {
++ if (setuid(0) < 0)
++ fatal("Unable to set uid to default", cp);
++ } else {
++ if ((pw = getpwnam(cp)) == NULL) {
++ if (setuid(atoi(cp)) < 0)
++ fatal("Unable to set uid to %s", cp);
++ }
++ if (setuid(pw->pw_uid) < 0)
++ fatal("Unable to set uid to %s", cp);
++ }
+
+ if (strcmp("MAGIC_SHELL", cmd->args[0]) == 0) {
+ for (i = 0; environ[i] != NULL; i++)
diff --git a/security/op/pkg-plist b/security/op/pkg-plist
index 749cf23364c1..a277e064f7ea 100644
--- a/security/op/pkg-plist
+++ b/security/op/pkg-plist
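Review bot: In files/patch-main.c, the uid block relocated by the second inner hunk (`@@ -533,6 +521,18 @@`) still dereferences `pw` after `getpwnam(cp)` has returned NULL, because `if (setuid(pw->pw_uid) < 0)` is not in an `else` branch. Simply adding the `else` is not enough: `atoi(cp)` yields 0 for any non-numeric string, so a misspelled user name in the access file would then select uid 0 instead of failing. I would make the two cases exclusive and parse the numeric form with `strtol`, rejecting anything that is not a complete non-negative number, as in the excerpt below. Separately, `gidset[ngroups++] = gr->gr_gid;` in the first inner hunk has no bound against the 256-entry array. The enclosing function begins and ends outside both hunks, so the group-setting calls that sit between them are not visible here.

```c
	} else {
		/* … unchanged: cp comes from FindOpt(cmd, "uid") above … */
		if ((pw = getpwnam(cp)) != NULL) {
			if (setuid(pw->pw_uid) < 0)
				fatal("Unable to set uid to %s", cp);
		} else {
			char *end;
			long uid = strtol(cp, &end, 10);

			/* neither a known user nor a complete number: refuse, never default to 0 */
			if (end == cp || *end != '\0' || uid < 0)
				fatal("Unknown uid %s", cp);
			if (setuid((uid_t)uid) < 0)
				fatal("Unable to set uid to %s", cp);
		}
	}
```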
@@ -1,6 +1,6 @@
 @comment $FreeBSD$
 bin/op
-etc/op.access.sample
-%%PORTDOCS%%share/doc/op/README
-%%PORTDOCS%%share/doc/op/op.paper
-%%PORTDOCS%%@dirrm share/doc/op
+%%CONF_DIR%%/op.access.sample
+%%PORTDOCS%%%%DOCSDIR%%/README
+%%PORTDOCS%%%%DOCSDIR%%/op.paper
+%%PORTDOCS%%@dirrm %%DOCSDIR%%