- rc scripts have race condition to stop executing at start-up time.

This also stops FreeBSD start up. Ref: http://docs.freebsd.org/cgi/mid.cgi?450CA21C.3080407 - There are potential DoS attacks by dkfilter_{in,out} program. They can change their pid file to illegally stop any program when an administrator try to stop them by rc script. - pet portlint(1) PR: ports/103344 Submitted by: Yoshisato YANAGISAWA <yanagisawa at csg.is.titech.ac.jp> (maintainer)
svn path=/head/; revision=173326
2006-09-18 14:12:16 +00:00 · 2006-09-18 14:12:16 +00:00 · 7e86d3c719 · 2021-03-31 03:12:20 +00:00
commit 7e86d3c719
parent 888eb761fe
3 changed files with 30 additions and 8 deletions
--- a/mail/dkfilter/Makefile
+++ b/mail/dkfilter/Makefile
@ -7,7 +7,7 @@

 PORTNAME=	dkfilter
 PORTVERSION=	0.10
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	mail
 MASTER_SITES=	http://jason.long.name/dkfilter/

@ -30,11 +30,11 @@ DKFILTER_USERID?=	325
 DKFILTER_GROUPNAME?=	${DKFILTER_USERNAME}
 DKFILTER_GROUPID?=	${DKFILTER_USERID}

-SUB_FILES=      pkg-install pkg-deinstall
-SUB_LIST=       USER=${DKFILTER_USERNAME} \
-                UID=${DKFILTER_USERID} \
-                GROUP=${DKFILTER_GROUPNAME} \
-                GID=${DKFILTER_GROUPID}
+SUB_FILES=	pkg-install pkg-deinstall
+SUB_LIST=	USER=${DKFILTER_USERNAME} \
+		UID=${DKFILTER_USERID} \
+		GROUP=${DKFILTER_GROUPNAME} \
+		GID=${DKFILTER_GROUPID}

 .include <bsd.port.pre.mk>

--- a/mail/dkfilter/files/dkfilter_in.in
+++ b/mail/dkfilter/files/dkfilter_in.in
@ -42,13 +42,24 @@ dkfilter_in_start()
 	su -m ${dkfilter_in_user} -c "daemon -p ${dkfilter_in_pidfile} \
 		%%PREFIX%%/bin/dkfilter.in ${dkfilter_in_flags}" \
 		> /dev/null 2> ${tmpfile}
-	sleep 1 # XXX: wait until dkfilter start.
+	# wait until dkfilter start.
+	while true
+	do
+		filesize=`ls -l $tmpfile|awk '{print $5}'`
+		if [ ${filesize} -gt 0 ]; then
+			break
+		fi
+	done
+
 	logger -t ${name} `cat ${tmpfile}`
 	err=`grep Error ${tmpfile}`
 	if [ "${err}" ]; then
 		echo "Failed to start ${name}."
 		echo "${err}"
 		rm -f ${dkfilter_in_pidfile}
+	else
+		# To prevent DoS attack by dkfilter_in_user.
+		chown root:wheel ${dkfilter_in_pidfile}
 	fi
 	rm -f ${tmpfile}
 }
--- a/mail/dkfilter/files/dkfilter_out.in
+++ b/mail/dkfilter/files/dkfilter_out.in
@ -48,13 +48,24 @@ dkfilter_out_start()
 	su -m ${dkfilter_out_user} -c "daemon -p ${dkfilter_out_pidfile} \
 		%%PREFIX%%/bin/dkfilter.out ${dkfilter_out_flags}" \
 		> /dev/null 2> ${tmpfile}
-	sleep 1	# XXX: wait until dkfilter start.
+	# wait until dkfilter start.
+	while true
+	do
+		filesize=`ls -l $tmpfile|awk '{print $5}'`
+		if [ ${filesize} -gt 0 ]; then
+			break
+		fi
+	done
+
 	logger -t ${name} `cat ${tmpfile}`
 	err=`grep Error ${tmpfile}`
 	if [ "${err}" ]; then
 		echo "Failed to start ${name}."
 		echo "${err}"
 		rm -f ${dkfilter_out_pidfile}
+	else
+		# To prevent DoS attack by dkfilter_out_user.
+		chown root:wheel ${dkfilter_out_pidfile}
 	fi
 	rm -f ${tmpfile}
 }