Attachment #38191 for bug #60516

View | Details | Raw Unified | Return to bug 60516
Collapse All | Expand All

Lines 7-13 Link Here

(-)Makefile (-2 / +2 lines)
7		7
8	PORTNAME= op	8	PORTNAME= op
9	PORTVERSION= 1.11	9	PORTVERSION= 1.11
10	PORTREVISION= 2	10	PORTREVISION= 3
11	CATEGORIES= security	11	CATEGORIES= security
12	MASTER_SITES= ftp://ftp.cerias.purdue.edu/pub/tools/%SUBDIR%/ \	12	MASTER_SITES= ftp://ftp.cerias.purdue.edu/pub/tools/%SUBDIR%/ \
13	ftp://ftp.rge.com/pub/security/cerias/tools/%SUBDIR%/ \	13	ftp://ftp.rge.com/pub/security/cerias/tools/%SUBDIR%/ \
Lines 15-21 Link Here
15	ftp://ftp.nask.pl/pub/mirror/coast.cs.purdue.edu/%SUBDIR%/	15	ftp://ftp.nask.pl/pub/mirror/coast.cs.purdue.edu/%SUBDIR%/
16	MASTER_SITE_SUBDIR= unix/sysutils/${PORTNAME}	16	MASTER_SITE_SUBDIR= unix/sysutils/${PORTNAME}
17		17
18	MAINTAINER= cyrille.lefevre@laposte.net	18	MAINTAINER= Steve Simmons <scs@umich.edu>
19	COMMENT= Allow others to run commands as root (like sudo but different)	19	COMMENT= Allow others to run commands as root (like sudo but different)
20		20
21	# Global variables	21	# Global variables

Lines 1-5 Link Here

(-)files/patch-main.c (-8 / +29 lines)
1	--- main.c.orig Wed Oct 15 05:58:41 2003	1	--- main.c.orig Mon Dec 22 23:26:47 2003
2	+++ main.c Wed Oct 15 06:02:22 2003	2	+++ main.c Mon Dec 22 23:27:23 2003
3	@@ -9,7 +9,7 @@	3	@@ -9,7 +9,7 @@
4	/* +-------------------------------------------------------------------+ */	4	/* +-------------------------------------------------------------------+ */
5		5
Lines 9-15 Link Here
9	#include <syslog.h>	9	#include <syslog.h>
10	#include <pwd.h>	10	#include <pwd.h>
11	#include <grp.h>	11	#include <grp.h>
12	@@ -170,14 +170,11 @@	12	@@ -51,6 +51,7 @@
		13	extern char getpass(), crypt();
		14
		15	char *Progname;
		16	+int fatal(char *s, ...);
		17	char *format_cmd();
		18	char *GetCode();
		19	cmd_t *Find();
		20	@@ -170,14 +171,11 @@
13	return Go(new, num, argc, argv);	21	return Go(new, num, argc, argv);
14	}	22	}
15		23
Lines 26-32 Link Here
26	vfprintf(stderr, s, ap);	34	vfprintf(stderr, s, ap);
27	fputc('\n', stderr);	35	fputc('\n', stderr);
28	va_end(ap);	36	va_end(ap);
29	@@ -448,29 +445,17 @@	37	@@ -448,35 +446,28 @@
30	char cp, np;	38	char cp, np;
31	struct passwd *pw;	39	struct passwd *pw;
32	struct group *gr;	40	struct group *gr;
Lines 50-64 Link Here
50	- }	58	- }
51	-	59	-
52	if ((cp = FindOpt(cmd, "gid")) == NULL) {	60	if ((cp = FindOpt(cmd, "gid")) == NULL) {
53	; /* don't have a default */	61	- ; /* don't have a default */
		62	+ if (setgid(0) < 0)
		63	+ fatal("Unable to set gid to default", cp);
54	} else {	64	} else {
55	for (cp=GetField(cp, str); cp!=NULL; cp=GetField(cp, str)) {	65	for (cp=GetField(cp, str); cp!=NULL; cp=GetField(cp, str)) {
56	- if ((gr = getgrnam(cp)) != NULL)	66	- if ((gr = getgrnam(cp)) != NULL)
57	+ if ((gr = getgrnam(str)) != NULL)	67	+ if ((gr = getgrnam(str)) != NULL)
58	gidset[ngroups++] = gr->gr_gid;	68	gidset[ngroups++] = gr->gr_gid;
		69	+ else
		70	+ gidset[ngroups++] = atoi(str);
59	}	71	}
60	if (ngroups == 0)	72	if (ngroups == 0)
61	@@ -533,6 +518,18 @@	73	- fatal("Unable to setgid to any group");
		74	+ fatal("Unable to set gid to any group");
		75	if (setgroups(ngroups, gidset) < 0)
		76	- fatal("Set group failed");
		77	+ fatal("Unable to set auxiliary groups");
		78	+ if (setgid(gidset[0]) < 0)
		79	+ fatal("Unable to set gid to %s", gidset[0]);
		80	}
		81
		82	if ((cp = FindOpt(cmd, "umask")) == NULL) {
		83	@@ -533,6 +524,17 @@
62	new_envp[curenv++] = environ[i];	84	new_envp[curenv++] = environ[i];
63	}	85	}
64	new_envp[curenv] = NULL;	86	new_envp[curenv] = NULL;
Lines 70-77 Link Here
70	+ if ((pw = getpwnam(cp)) == NULL) {	92	+ if ((pw = getpwnam(cp)) == NULL) {
71	+ if (setuid(atoi(cp)) < 0)	93	+ if (setuid(atoi(cp)) < 0)
72	+ fatal("Unable to set uid to %s", cp);	94	+ fatal("Unable to set uid to %s", cp);
73	+ }	95	+ } else if (setuid(pw->pw_uid) < 0)
74	+ if (setuid(pw->pw_uid) < 0)
75	+ fatal("Unable to set uid to %s", cp);	96	+ fatal("Unable to set uid to %s", cp);
76	+ }	97	+ }

Return to bug 60516