Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 57390 Details for
Bug 90622
net-mail/qpopper Two issues (CAN-2005-115{1|2})
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch.CAN-2005-1151.qpopper
patch.CAN-2005-1151.qpopper (text/plain), 5.16 KB, created by
Sune Kloppenborg Jeppesen (RETIRED)
on 2005-04-27 08:10:04 UTC
(
hide
)
Description:
patch.CAN-2005-1151.qpopper
Filename:
MIME Type:
Creator:
Sune Kloppenborg Jeppesen (RETIRED)
Created:
2005-04-27 08:10:04 UTC
Size:
5.16 KB
patch
obsolete
>diff -u qpopper-4.0.4/debian/changelog qpopper-4.0.4/debian/changelog >--- qpopper-4.0.4/debian/changelog >+++ qpopper-4.0.4/debian/changelog >@@ -1,3 +1,15 @@ >+qpopper (4.0.4-2.woody.5) stable-security; urgency=high >+ >+ * Non-maintainer upload by the Security Team >+ * Backported upstream patch to fix unauthorised file read access >+ [popper/pop_config.c, CAN-2005-1151] >+ * Backported upstream patch to fix unauthorised file write access >+ [popper/popauth.c, CAN-2005-1151] >+ >+ -- Martin Schulze <joey@infodrom.org> Wed, 20 Apr 2005 20:27:57 +0200 >+ > qpopper (4.0.4-2.woody.4) stable-security; urgency=medium > > * Non-maintainer upload by the Security Team >only in patch2: >unchanged: >--- qpopper-4.0.4.orig/popper/pop_config.c >+++ qpopper-4.0.4/popper/pop_config.c >@@ -85,6 +85,7 @@ > #include <string.h> > #include <errno.h> > #include <ctype.h> >+#include <unistd.h> > > #include "popper.h" > #include "utils.h" >@@ -1487,6 +1488,8 @@ > int rslt; > char buf [ 256 ]; > struct stat stat_buf; >+ BOOL bUser = FALSE; >+ BOOL bSpool = FALSE; > > > if ( p->bUser_opts ) { >@@ -1497,14 +1500,8 @@ > p->user ); > else { > rslt = stat ( buf, &stat_buf ); >- if ( rslt == 0 ) { >- rslt = pop_config ( p, buf, CfgUser ); >- if ( rslt == POP_FAILURE ) { >- pop_log ( p, POP_PRIORITY, HERE, >- "Unable to process user options file for user %s", >- p->user ); >- } >- } >+ if ( rslt == 0 ) >+ bUser = TRUE; > } > } /* p->user_opts */ > >@@ -1517,16 +1514,46 @@ > p->user ); > else { > rslt = stat ( buf, &stat_buf ); >- if ( rslt == 0 ) { >- rslt = pop_config ( p, buf, CfgConnected ); >- if ( rslt == POP_FAILURE ) { >- pop_log ( p, POP_PRIORITY, HERE, >- "Unable to process spool options file for user %s", >- p->user ); >- } >- } >+ if ( rslt == 0 ) >+ bSpool = TRUE; > } > } /* p->spool_opts */ >+ >+ /* >+ * If we are to process either, do it as the user, not root >+ */ >+ if ( bUser || bSpool ) { >+ UID_T uid_save = 0; >+ >+ uid_save = geteuid(); >+ if ( seteuid ( pwp->pw_uid ) != 0 ) { >+ rslt = POP_FAILURE; /* seteuid failed */ >+ pop_log ( p, POP_PRIORITY, HERE, >+ "seteuid(%i) for user %s failed", >+ pwp->pw_uid, p->user ); >+ } /* seteuid failed */ >+ else { /* we are now the user */ >+ if ( bUser ) { >+ rslt = pop_config ( p, buf, CfgConnected ); >+ if ( rslt == POP_FAILURE ) >+ pop_log ( p, POP_PRIORITY, HERE, >+ "Unable to process user options file for user %s", >+ p->user ); >+ } >+ >+ if ( bSpool ) { >+ rslt = pop_config ( p, buf, CfgConnected ); >+ if ( rslt == POP_FAILURE ) >+ pop_log ( p, POP_PRIORITY, HERE, >+ "Unable to process spool options file for user %s", >+ p->user ); >+ } >+ >+ if ( seteuid ( uid_save ) != 0 ) >+ pop_log ( p, POP_PRIORITY, HERE, >+ "seteuid(%i) back failed", uid_save ); >+ } /* we are now the user */ >+ } /* bUser || bSpool */ > } > > >only in patch2: >unchanged: >--- qpopper-4.0.4.orig/popper/popauth.c >+++ qpopper-4.0.4/popper/popauth.c >@@ -107,6 +107,7 @@ > #include <fcntl.h> > #include <errno.h> > #include <string.h> >+#include <unistd.h> > > #ifndef HAVE_BCOPY > # define bcopy(src,dest,len) (void) (memcpy(dest,src,len)) >@@ -277,6 +278,7 @@ > static void helpful ( void ); > static int check_db_err ( void *db, const char *op, BOOL bExp ); > static const char *printable ( const char *p, int len ); >+static void open_trace ( char *fname ); > > > static void >@@ -453,6 +455,30 @@ > } > > >+void >+open_trace ( char *tname ) >+{ >+ UID_T uid_save = -1; >+ UID_T myuid = -1; >+ >+ >+ uid_save = geteuid(); >+ myuid = getuid(); >+ if ( seteuid ( myuid ) != 0 ) >+ adios ( HERE, "internal error @ %i", __LINE__ ); >+ >+ trace_file = fopen ( tname, "a+" ); >+ if ( trace_file == NULL ) >+ adios ( HERE, "Unable to open trace file \"%s\": %s (%d)\n", >+ tname, STRERROR(errno), errno ); >+ BLATHER1 ( "Trace and Debug destination is file \"%s\"", >+ tname ); >+ >+ if ( seteuid ( uid_save ) != 0 ) >+ adios ( HERE, "internal error @ %i", __LINE__ ); >+} >+ >+ > #ifndef HAVE_STRDUP > #include <stddef.h> > >@@ -748,13 +775,7 @@ > helpful(); > case TRACESW: > debug++; >- trace_file = fopen ( argv[1], "a+" ); >- if ( trace_file == NULL ) >- adios ( HERE, >- "Unable to open trace file \"%s\": %s (%d)\n", >- argv[1], STRERROR(errno), errno ); >- BLATHER1 ( "Trace and Debug destination is file \"%s\"", >- argv[1] ); >+ open_trace ( argv[1] ); > argc--; > argv++; > break;
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=57390">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 90622
:
57390
|
57391
|
58328
|
58329
|
58330
|
58505
