ADMfzap - connect(), bind() wrapper to evade misconfigured packet filters

2000-04-06 20:45:01 +00:00 · 2000-04-06 20:45:01 +00:00 · ca468cc18d
commit ca468cc18d
parent e950973fc1
9 changed files with 179 additions and 0 deletions
--- a/security/ADMfzap/Makefile
+++ b/security/ADMfzap/Makefile
@ -0,0 +1,41 @@
+# Makefile for:		ADMfzap
+# Version required:	0.1
+# Date created:		14 Mar 1999
+# Whom:			dugsong@monkey.org
+#
+# $OpenBSD: Makefile,v 1.1.1.1 2000/04/06 20:45:01 dugsong Exp $
+
+PKGNAME=	ADMfzap-0.1
+
+CATEGORIES=	security
+
+MAINTAINER=	dugsong@monkey.org
+
+DISTNAME=	ADMfzap
+
+MASTER_SITES=	http://ADM.isp.at/ADM/ \
+		ftp://ADM.isp.at/ADM/
+
+NO_CONFIGURE=	yes
+
+MAKE_ENV+=	LIB_PATH=`/bin/ls -1 /usr/lib/libc.so.* | tail -1`
+
+ALL_TARGET=	openbsd
+
+FAKE=		yes
+
+# these should really just be defaults.
+PERMIT_PACKAGE_CDROM=	yes
+PERMIT_PACKAGE_FTP=	yes
+PERMIT_DISTFILES_CDROM=	yes
+PERMIT_DISTFILES_FTP=	yes
+
+post-build:
+		sed "s%y0y0y0%${PREFIX}/lib/libfzap.so%g" \
+		    ${FILESDIR}/ADMfzap > ${WRKSRC}/ADMfzap
+
+do-install:
+		${INSTALL_PROGRAM} ${WRKSRC}/fzap.so ${PREFIX}/lib/libfzap.so
+		${INSTALL_SCRIPT} ${WRKSRC}/ADMfzap ${PREFIX}/bin
+
+.include <bsd.port.mk>
--- a/security/ADMfzap/files/ADMfzap
+++ b/security/ADMfzap/files/ADMfzap
@ -0,0 +1,27 @@
+#!/bin/sh
+#
+# ADMfzap wrapper.
+#
+# Dug Song <dugsong@monkey.org>
+#
+# $Id: ADMfzap,v 1.1.1.1 2000/04/06 20:45:01 dugsong Exp $
+
+LIBFZAP=y0y0y0
+
+function usage {
+    echo "Usage: ADMfzap [-p port] command ..." >&2; exit 1
+}
+
+while getopts p: opt 2>&-; do
+    case "$opt" in
+	p) LPORT=$OPTARG ;;
+	\?) usage ;;
+    esac
+done
+
+shift $(($OPTIND - 1))
+
+if [ $# -eq 0 ]; then usage; fi
+
+LD_PRELOAD=$LIBFZAP exec $*
+
--- a/security/ADMfzap/files/md5
+++ b/security/ADMfzap/files/md5
@ -0,0 +1,3 @@
+MD5 (ADMfzap.tar.gz) = 49ed676360de412f96ae2e415ca892a6
+RMD160 (ADMfzap.tar.gz) = 442b7f0c90389f1ac1a6bbf3790a40e46ce21331
+SHA1 (ADMfzap.tar.gz) = faf6a70d8c3d384954c67185a5f9351dcc5ea894
--- a/security/ADMfzap/patches/patch-aa
+++ b/security/ADMfzap/patches/patch-aa
@ -0,0 +1,13 @@
+--- Makefile.orig	Mon Feb 15 18:49:35 1999
+++ Makefile	Thu Apr  6 15:37:46 2000
+@@ -20,8 +20,8 @@
+ 	$(CC) $(COPT) fzap.c -g -DLINUX_GLIBC $(DEBUG)
+ 	ld -Bshareable -o fzap.so fzap.o $(LDOPT)
+ 
+-freebsd:
+-	$(CC) $(COPT) fzap.c -g $(DEBUG)
+openbsd freebsd:
+	$(CC) $(CFLAGS) $(COPT) fzap.c -g $(DEBUG)
+ 	ld -Bshareable -o fzap.so fzap.o
+ 
+ 
--- a/security/ADMfzap/patches/patch-ab
+++ b/security/ADMfzap/patches/patch-ab
@ -0,0 +1,32 @@
+--- fzap.h.orig	Mon Feb 15 18:50:43 1999
+++ fzap.h	Thu Apr  6 15:51:10 2000
+@@ -1,8 +1,9 @@
+#include <sys/param.h>
+ 
+ void DBG(char *fmt,...)
+ {
+-    va_list *ap;
+ #ifdef DEBUG
+    va_list *ap;
+     va_start(ap, fmt);
+     fprintf(stderr, "\n[fzap:DBG]\t");
+     vfprintf(stderr, fmt, ap);
+@@ -47,12 +48,12 @@
+ #endif
+ 
+ 
+-#ifdef __FreeBSD__
+-#define LIB_PATH "/usr/lib/libc.so.3.0"
+-#define CONNECT(A,B,C) int connect(int A, const struct sockaddr *B, int C)
+-int (*old_connect)(int, const struct sockaddr *, int)=NULL;
+-#define BIND(A,B,C) int bind __P((int A, const struct sockaddr * B, int C))
+-int (*old_bind)(int, const struct sockaddr *, int);
+#ifdef BSD
+#define LIB_PATH "/usr/lib/libc.so.23.1"
+#define CONNECT(A,B,C) int connect(int A, const struct sockaddr *B, socklen_t C)
+int (*old_connect)(int, const struct sockaddr *, socklen_t)=NULL;
+#define BIND(A,B,C) int bind __P((int A, const struct sockaddr * B, socklen_t C))
+int (*old_bind)(int, const struct sockaddr *, socklen_t);
+ #endif
+ 
+ 
--- a/security/ADMfzap/patches/patch-ac
+++ b/security/ADMfzap/patches/patch-ac
@ -0,0 +1,39 @@
+--- fzap.c.orig	Mon Feb 15 17:50:46 1999
+++ fzap.c	Thu Apr  6 15:52:19 2000
+@@ -40,6 +40,7 @@
+ 
+ void _init()
+ {
+#ifndef __OpenBSD__
+     void *handle;
+ 
+     handle = dlopen(LIB_PATH, 1);
+@@ -52,14 +53,15 @@
+ 	fprintf(stderr, "\n[fzap] dlopen error!\n");
+ 	return;
+     }
+#endif
+     DBG("Warning: fzap loaded!");
+ }
+ 
+ 
+ CONNECT(__fd, __addr, __len)
+ {
+-    int result, truc, t2 = sizeof(int), loport = 0;
+-    struct sockaddr_in *my_addr;
+    int result = -1, truc, t2 = sizeof(int), loport = 0;
+    struct sockaddr_in *my_addr = NULL;
+     char *lprt;
+     void *handle;
+ 
+@@ -146,8 +148,8 @@
+ 
+ BIND(__fd, __addr, __len)
+ {
+-    int result, truc, t2 = sizeof(int), loport = 0, oldport = 0;
+-    struct sockaddr_in *my_addr;
+    int result = 0, truc, t2 = sizeof(int), loport = 0, oldport = 0;
+    struct sockaddr_in *my_addr = NULL;
+     char *lprt;
+     void *handle;
+ 
--- a/security/ADMfzap/pkg/COMMENT
+++ b/security/ADMfzap/pkg/COMMENT
@ -0,0 +1 @@
+connect() and bind() wrapper to evade packet filtering
--- a/security/ADMfzap/pkg/DESCR
+++ b/security/ADMfzap/pkg/DESCR
@ -0,0 +1,21 @@
+
+                      ___      ______      _       _
+                    /     \   |   _   \   |  \   /  |
+                   |  / \  |  |  |  \  |  |   \_/   |
+                   | |___| |  |  |_ /  |  |   \_/   |
+..oO  THE          |  ---  |  |       /   |  |   |  |         CreW Oo..
+                   '''   '''   '''''''    ''''   ''''
+                               presents
+
+
+		      [ ADMfzap 0.1 by plaguez ]
+
+	  a libdl-based connect() and bind() wrapper that
+	  helps bypassing poorly configured packet filters.
+
+
+ADMfzap makes all (or most of) your connect() and bind()
+calls originating from port 20 (tcp, ftp-data) or 53 (udp,
+dns). Alternatly, the source port can also be configured
+via the environment variable $LOPORT.
+
--- a/security/ADMfzap/pkg/PLIST
+++ b/security/ADMfzap/pkg/PLIST
@ -0,0 +1,2 @@
+lib/libfzap.so
+bin/ADMfzap
				`@ -0,0 +1 @@`
				`connect() and bind() wrapper to evade packet filtering`