SECURITY:
libsasl, contains functions which may load dynamic libraries. These libraries may be loaded from the path specified by the environmental variable SASL_PATH, which in some situations may be fully controlled by a local attacker. Thus, if a set-user-ID application utilizes libsasl, it may be possible for a local attacker to gain superuser privileges. ok jakob@
This commit is contained in:
parent
69ad59ca7c
commit
d9e2a34829
@ -1,8 +1,9 @@
|
||||
# $OpenBSD: Makefile,v 1.18 2004/09/26 10:01:01 sturm Exp $
|
||||
# $OpenBSD: Makefile,v 1.19 2004/10/11 13:19:46 robert Exp $
|
||||
|
||||
COMMENT= "RFC 2222 SASL (Simple Authentication and Security Layer)"
|
||||
|
||||
DISTNAME= cyrus-sasl-2.1.19
|
||||
PKGNAME= ${DISTNAME}p1
|
||||
CATEGORIES= security
|
||||
|
||||
MASTER_SITES= ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/ \
|
||||
|
14
security/cyrus-sasl2/patches/patch-lib_common_c
Normal file
14
security/cyrus-sasl2/patches/patch-lib_common_c
Normal file
@ -0,0 +1,14 @@
|
||||
$OpenBSD: patch-lib_common_c,v 1.1 2004/10/11 13:19:46 robert Exp $
|
||||
--- lib/common.c.orig Mon Oct 11 14:05:00 2004
|
||||
+++ lib/common.c Mon Oct 11 14:06:48 2004
|
||||
@@ -1838,7 +1838,10 @@
|
||||
if (! path)
|
||||
return SASL_BADPARAM;
|
||||
|
||||
+ /* Honor external variable only in a safe environment */
|
||||
+ if (getuid() == getuid() && getgid() == getgid())
|
||||
*path = getenv(SASL_PATH_ENV_VAR);
|
||||
+
|
||||
if (! *path)
|
||||
*path = PLUGINDIR;
|
||||
|
Loading…
Reference in New Issue
Block a user