
(-)ezmlm-idx/Makefile (-2 / +2 lines)
Lines 7-13 Link Here
7
7
8
PORTNAME=	ezmlm-idx
8
PORTNAME=	ezmlm-idx
9
PORTVERSION=	0.40
9
PORTVERSION=	0.40
10
PORTREVISION=	1
10
PORTREVISION=	2
11
CATEGORIES=	mail
11
CATEGORIES=	mail
12
MASTER_SITES=	ftp://ftp.ezmlm.org/pub/patches/ \
12
MASTER_SITES=	ftp://ftp.ezmlm.org/pub/patches/ \
13
		ftp://ftp.rivertown.net/pub/ezmlm/ \
13
		ftp://ftp.rivertown.net/pub/ezmlm/ \
Lines 80-86 Link Here
80
80
81
pre-patch:
81
pre-patch:
82
	@${MV} -f ${WRKDIR}/ezmlm-idx-${PORTVERSION}/* ${WRKSRC}
82
	@${MV} -f ${WRKDIR}/ezmlm-idx-${PORTVERSION}/* ${WRKSRC}
83
	@cd ${WRKSRC} && ${PATCH} < idx.patch
83
	@cd ${WRKSRC} && ${PATCH} ${PATCH_ARGS} < idx.patch
84
84
85
post-patch:
85
post-patch:
86
	@${ECHO_CMD} ${PREFIX}/bin > ${WRKSRC}/conf-bin
86
	@${ECHO_CMD} ${PREFIX}/bin > ${WRKSRC}/conf-bin
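--- a/ezmlm-idx/files/patch-security-ezmlm-cgi
+++ b/ezmlm-idx/files/patch-security-ezmlm-cgi
@@ -0,0 +1,119 @@
+--- ezmlm-cgi.c.orig	Thu Dec  7 13:26:45 2000
++++ ezmlm-cgi.c	Thu Dec  7 13:36:30 2000
+@@ -805,31 +805,8 @@
+   if ((flagspecial & SPC_BANNER) && banner && *banner) {
+     oputs("<DIV class=banner>\n");
+     if (*banner == '<') oputs(banner);
+-    else {
+-      substdio_flush(&ssout);
+-      sig_pipeignore();
+-      bannerargs[0] = banner;
+-      bannerargs[1] = host;
+-      bannerargs[2] = local;
+-      bannerargs[3] = 0;
+-	/* We log errors but just complete the page anyway, since we're */
+-	/* already committed to output something. */
+-      switch(child = fork()) {
+-        case -1:
+-          strerr_warn3(FATAL,ERR_FORK,"banner program: ",&strerr_sys);
+-          break;
+-        case 0:
+-          execv(*bannerargs,bannerargs);
+-          strerr_die3x(100,FATAL,ERR_EXECUTE,"banner program: ");
+-	  break;
+-      }
+-         /* parent */
+-      wait_pid(&wstat,child);
+-      if (wait_crashed(wstat))
+-        strerr_warn2(FATAL,ERR_CHILD_CRASHED,(struct strerr *) 0);
+-      if (wait_exitcode(wstat))
+-        strerr_warn2(FATAL,ERR_CHILD_UNKNOWN,(struct strerr *) 0);
+-    }
++    else
++      strerr_die2x(100,FATAL,"Sorry - banner programs not supported");
+     oputs("</DIV>\n");
+   }
+   oputs("</BODY>\n</HTML>\n");
+--- ezmlm-cgi.1.orig	Thu Dec  7 13:40:43 2000
++++ ezmlm-cgi.1	Thu Dec  7 13:56:44 2000
+@@ -234,16 +234,21 @@
+ to avoid trapping robots in the archive.
+ .SH EXECUTION
+ .B ezmlm-cgi
+-can operate in three modes,
+-.IR SUID\ root ,
+-.IR SUID\ user ,
++can operate in two modes,
++.I SUID\ root
+ and
+ .IR normal .
++.B ezmlm-cgi
++should not be installed SUID
++.I user
++other than root.
++Please see the
++.B SECURITY
++section before installing SUID
++.IR root .
+ 
+ In
+ .I normal
+-and
+-.I SUID user
+ mode,
+ .B ezmlm-cgi
+ will read the configuration file
+@@ -255,9 +260,7 @@
+ .B ezmlm-cgi
+ is in), then
+ change directory to the list directory. ``uid'' is ignored.
+-.I SUID user
+-may be required to read the particular archive if it is not owned by the
+-httpd user. For user installations or systems where
++For user installations or systems where
+ the httpd user has access to all the lists,
+ .I normal
+ mode usually gives sufficient access.
+@@ -277,22 +280,10 @@
+ directory is not, it is safest to leave ``uid'' blank. The httpd user will still
+ be able to read the files.
+ .SH "EXECUTION OF BANNER PROGRAMS"
+-A banner program can be specified in the config file. It is executed
+-immediately before the end of the text. The formatting for
+-``<BODY>'' is active and the banner program output is encapsulated in
+-a ``<DIV class=banner>'' segment to allow additional formatting.
+-The banner program is called for all summary views, but not for the message
+-view itself.
+-
+-The banner program is give the list local name as argument 1, and the host
+-name as argument 2. It is expected to exit 0 on success. The return code is
+-checked, but the archive page (and whatever the banner program has already
+-produced) is output even if the banner program fails.
+-
+-.B chroot(3)
+-may make it difficult to run banner programs that depend on e.g. ``sh''
+-or ``perl''. For this reason, the chroot call can be suppressed by prefixing
+-the ``uid'' with a ``-''.
++.B ezmlm-cgi
++supports display of banners, but not execution of banner programs. To
++obtain dynamic banners, use a URL that points to a banner program elsewhere.
++
+ .SH SECURITY
+ .B ezmlm-cgi
+ will refuse to run as root.
+@@ -308,14 +299,8 @@
+ list directories and archives).
+ 
+ .B ezmlm-cgi
+-will allow execution of banner programs that are located outside of the list
+-directory. These are executed with the privileges of the userid set in the
+-config file. If the program is installed SUID root, banner programs outside
+-of the list directory are not normally accessible. Even when this is overridden,
+-.B ezmlm-cgi
+-will never execute the program with root permissions.
++will not allow execution of banner programs.
+ 
+-Input to the CGI script is not propagated to the banner program.
+ .SH BUGS
+ .B ezmlm-send(1)
+ updates the list message counter once a message is safely archived, but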
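Review bot: In the ezmlm-cgi.c hunk, the new `else` branch calls `strerr_die2x(100,...)` after `oputs("<DIV class=banner>\n")` has already been issued, so a config that still names a banner program now aborts the response mid-page, where the removed code deliberately logged the error and completed the page. The removed branch's `substdio_flush(&ssout)` is gone as well, so whatever is still buffered may never reach the client, assuming strerr_die2x exits without flushing. Consider warning and letting the page finish, `strerr_warn2(FATAL,"Sorry - banner programs not supported",(struct strerr *) 0);`, or rejecting a banner that does not start with `<` where the config is read, before any output is produced. `bannerargs`, `child` and `wstat` are declared outside the hunk and look unused after this change; the enclosing function also starts and ends outside it.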
