Close holes in perl scripts which allow local users to run arbitrary

commands as the majordomo user. Submitted by: Dale Clark <clark@ARSC.EDU>
svn path=/head/; revision=24433
2025-02-05 11:35:01 +00:00 · 2000-01-05 09:59:39 +00:00 · 2000-01-05 09:59:39 +00:00 · 8f9bd2a169 · 2021-03-31 03:12:20 +00:00
commit 8f9bd2a169
parent ef15f7ecfe
1 changed files with 211 additions and 0 deletions
--- a/mail/majordomo/files/patch-sec1
+++ b/mail/majordomo/files/patch-sec1
@ -0,0 +1,211 @@
+--- archive2.pl	Mon Jan  3 14:35:32 2000
+++ archive2.pl.new	Mon Jan  3 14:36:16 2000
+@@ -54,10 +54,23 @@
+     shift(@ARGV);
+     shift(@ARGV);
+ }
+-if (! -r $cf) {
+-    die("$cf not readable; stopped");
+
+if (not sysopen CONFIG,$cf,O_RDONLY)
+{
+  die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : '';
+ }
+-require "$cf";
+elsif ((stat CONFIG)[4] != $>)
+{
+  die qq|Config file "$cf" not owned by effective UID.\n|;
+}
+elsif (eval(join '',<CONFIG>),$@)
+{
+  die qq|Unable to eval "$cf": $@.\n|;
+}
+else
+{
+  close CONFIG;
+}
+
+ # All these should be in the standard PERL library
+ unshift(@INC, $homedir);
+--- bounce-remind	Mon Jan  3 14:35:32 2000
+++ bounce-remind.new	Mon Jan  3 14:38:16 2000
+@@ -24,10 +24,23 @@
+     shift(@ARGV);
+     shift(@ARGV);
+ }
+-if (! -r $cf) {
+-    die("$cf not readable; stopped");
+
+if (not sysopen CONFIG,$cf,O_RDONLY)
+{
+  die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : '';
+ }
+-require "$cf";
+elsif ((stat CONFIG)[4] != $>)
+{
+  die qq|Config file "$cf" not owned by effective UID.\n|;
+}
+elsif (eval(join '',<CONFIG>),$@)
+{
+  die qq|Unable to eval "$cf": $@.\n|;
+}
+else
+{
+  close CONFIG;
+}
+
+ # Go to the home directory specified by the .cf file
+ chdir("$homedir");
+--- config-test.orig	Wed Aug 27 08:17:13 1997
+++ config-test	Wed Jan  5 01:41:37 2000
+@@ -119,10 +119,21 @@
+ 
+ $cf = $ARGV[0] || $ENV{'MAJORDOMO_CF'};
+ 
+-if (eval "require '$cf'") { 
+-    &good("'require'd $cf okay.");    
+-} else {
+-    &bad("something's wrong with $cf: $@");
+if (not sysopen CONFIG,$cf,O_RDONLY)
+{
+  die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : '';
+}
+elsif ((stat CONFIG)[4] != $>)
+{
+  die qq|Config file "$cf" not owned by effective UID.\n|;
+}
+elsif (eval(join '',<CONFIG>),$@)
+{
+  die qq|Unable to eval "$cf": $@.\n|;
+}
+else
+{
+  close CONFIG;
+ }
+ 
+ foreach (@requires) {
+--- digest.orig	Wed Jan  5 01:44:09 2000
+++ digest	Wed Jan  5 01:45:38 2000
+@@ -315,7 +315,23 @@
+ 		# Read and execute the .cf file
+ 		$cf = $opt_c || $ENV{"MAJORDOMO_CF"} || 
+ 		    "%%PREFIX%%/majordomo/majordomo.cf";
+-		require "$cf";
+
+if (not sysopen CONFIG,$cf,O_RDONLY)
+{
+  die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : '';
+}
+elsif ((stat CONFIG)[4] != $>)
+{
+  die qq|Config file "$cf" not owned by effective UID.\n|;
+}
+elsif (eval(join '',<CONFIG>),$@)
+{
+  die qq|Unable to eval "$cf": $@.\n|;
+}
+else
+{
+  close CONFIG;
+}
+ 
+ 		chdir($homedir);
+ 
+--- majordomo	Mon Jan  3 13:37:13 2000
+++ majordomo.new	Mon Jan  3 14:15:29 2000
+@@ -40,11 +40,23 @@
+ 	die "Unknown argument $ARGV[0]\n";
+     }
+ }
+-if (! -r $cf) {
+-    die("$cf not readable; stopped");
+-}
+
+-require "$cf";
+if (not sysopen CONFIG,$cf,O_RDONLY)
+{
+  die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : '';
+}
+elsif ((stat CONFIG)[4] != $>)
+{
+  die qq|Config file "$cf" not owned by effective UID.\n|;
+}
+elsif (eval(join '',<CONFIG>),$@)
+{
+  die qq|Unable to eval "$cf": $@.\n|;
+}
+else
+{
+  close CONFIG;
+}
+
+ # Go to the home directory specified by the .cf file
+ chdir("$homedir") || die "chdir to $homedir failed, $!\n";
+--- request-answer	Mon Jan  3 14:35:32 2000
+++ request-answer.new	Mon Jan  3 15:09:02 2000
+@@ -20,10 +20,23 @@
+     shift(@ARGV);
+     shift(@ARGV);
+ }
+-if (! -r $cf) {
+-    die("$cf not readable; stopped");
+
+if (not sysopen CONFIG,$cf,O_RDONLY)
+{
+  die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : '';
+ }
+-require "$cf";
+elsif ((stat CONFIG)[4] != $>)
+{
+  die qq|Config file "$cf" not owned by effective UID.\n|;
+}
+elsif (eval(join '',<CONFIG>),$@)
+{
+  die qq|Unable to eval "$cf": $@.\n|;
+}
+else
+{
+  close CONFIG;
+}
+
+ chdir($homedir) || die("Can't chdir(\"$homedir\"): $!");
+ unshift(@INC, $homedir);
+--- resend	Mon Jan  3 15:14:49 2000
+++ resend.new	Mon Jan  3 15:16:01 2000
+@@ -56,7 +56,7 @@
+ if ($ARGV[0] =~ /^\@/) {
+     $fn = shift(@ARGV);
+     $fn =~ s/^@//;
+-    open(AV, $fn) || die("open(AV, \"$fn\"): $!\nStopped");
+    sysopen(AV, $fn, O_RDONLY) || die("sysopen(AV, \"$fn\", O_RDONLY): $!\nStopped");
+     undef($/);	# set input field separator
+     $av = <AV>;	# read whole file into string
+     close(AV);
+@@ -84,11 +84,23 @@
+ # Despite not having a place to send the remains of the body,
+ # it would be nice to send a message to root or postmaster, at least...
+ #
+-if (! -r $cf) {
+-    die("$cf not readable; stopped");
+-}
+
+-require "$cf";
+if (not sysopen CONFIG,$cf,O_RDONLY)
+{
+  die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : '';
+}
+elsif ((stat CONFIG)[4] != $>)
+{
+  die qq|Config file "$cf" not owned by effective UID.\n|;
+}
+elsif (eval(join '',<CONFIG>),$@)
+{
+  die qq|Unable to eval "$cf": $@.\n|;
+}
+else
+{
+  close CONFIG;
+}
+
+ chdir($homedir) || die("Can't chdir(\"$homedir\"): $!");
+