Source-Changes-HG archive


[src/netbsd-1-6]: src/gnu/dist/sendmail/smrsh Pull up revision 1.9 (requested...



details:   https://anonhg.NetBSD.org/src/rev/d75b78104122
branches:  netbsd-1-6
changeset: 529139:d75b78104122
user:      lukem <lukem%NetBSD.org@localhost>
date:      Thu Oct 03 03:34:46 2002 +0000

description:
Pull up revision 1.9 (requested by itojun in ticket #898):
more strict checking on command invocation.
http://www.sendmail.org/smrsh.adv.txt, NetBSD PR 18516

diffstat:

 gnu/dist/sendmail/smrsh/smrsh.c |  35 +++++++++++++++++++++++++++++++++++
 1 files changed, 35 insertions(+), 0 deletions(-)

diffs (59 lines):

diff -r 0a346505ab8d -r d75b78104122 gnu/dist/sendmail/smrsh/smrsh.c
--- a/gnu/dist/sendmail/smrsh/smrsh.c   Thu Oct 03 01:48:21 2002 +0000
+++ b/gnu/dist/sendmail/smrsh/smrsh.c   Thu Oct 03 03:34:46 2002 +0000
@@ -57,6 +57,8 @@
 #include <unistd.h>
 #include <stdio.h>
 #include <sys/file.h>
+#include <sys/types.h>
+#include <sys/stat.h>
 #include <string.h>
 #include <ctype.h>
 #include <errno.h>
@@ -154,6 +156,7 @@
        char cmdbuf[1000];
        char pathbuf[1000];
        char specialbuf[32];
+       struct stat st;
 
 #ifndef DEBUG
 # ifndef LOG_MAIL
@@ -291,6 +294,38 @@
 #ifdef DEBUG
                        printf("Trying %s\n", cmdbuf);
 #endif /* DEBUG */
+                       if (stat(cmdbuf, &st) < 0)
+                       {
+                               /* can't stat it */
+                               fprintf(stderr,
+                                   "%s: %s not available for sendmail programs (stat failed)\n",
+                                                     prg, cmd);
+                               if (p != NULL)
+                                       *p = ' ';
+#ifndef DEBUG
+                               syslog(LOG_CRIT, "uid %d: attempt to use %s (stat failed)",
+                                      (int) getuid(), cmd);
+#endif /* ! DEBUG */
+                               exit(EX_UNAVAILABLE);
+                       }
+                       if (!S_ISREG(st.st_mode)
+#ifdef S_ISLNK
+                           && !S_ISLNK(st.st_mode)
+#endif /* S_ISLNK */
+                          )
+                       {
+                               /* can't stat it */
+                               fprintf(stderr,
+                                       "%s: %s not available for sendmail programs (not a file)\n",
+                                                     prg, cmd);
+                               if (p != NULL)
+                                       *p = ' ';
+#ifndef DEBUG
+                               syslog(LOG_CRIT, "uid %d: attempt to use %s (not a file)",
+                                      (int) getuid(), cmd);
+#endif /* ! DEBUG */
+                               exit(EX_UNAVAILABLE);
+                       }
                        if (access(cmdbuf, X_OK) < 0)
                        {
                                /* oops....  crack attack possiblity */
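Review bot: The `&& !S_ISLNK(st.st_mode)` clause in the second added check has no effect, because `stat()` follows symbolic links and `st.st_mode` describes the link target, so `S_ISLNK` is never true here and the test reduces to `!S_ISREG(st.st_mode)`. Dropping the `#ifdef S_ISLNK` clause, or adding a comment such as `/* stat() follows links, so this checks the link target */`, would make clear that a link to a non-regular file is rejected. The comment on that block is copied from the first one and should read `/* not a regular file */`. The checks are made by path, so they describe the file only at the time of the call; the code that eventually runs the command is outside this hunk, as are the start and end of the enclosing function.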


