diff options
Diffstat (limited to 'mail/majordomo/files/patch-sec1')
| -rw-r--r-- | mail/majordomo/files/patch-sec1 | 124 |
1 files changed, 0 insertions, 124 deletions
diff --git a/mail/majordomo/files/patch-sec1 b/mail/majordomo/files/patch-sec1 index c0776f1f6042..d13161a1aefd 100644 --- a/mail/majordomo/files/patch-sec1 +++ b/mail/majordomo/files/patch-sec1 @@ -1,32 +1,3 @@ ---- archive2.pl Mon Jan 3 14:35:32 2000 -+++ archive2.pl.new Mon Jan 3 14:36:16 2000 -@@ -54,10 +54,23 @@ - shift(@ARGV); - shift(@ARGV); - } --if (! -r $cf) { -- die("$cf not readable; stopped"); -+ -+if (not sysopen CONFIG,$cf,O_RDONLY) -+{ -+ die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : ''; - } --require "$cf"; -+elsif ((stat CONFIG)[4] != $>) -+{ -+ die qq|Config file "$cf" not owned by effective UID.\n|; -+} -+elsif (eval(join '',<CONFIG>),$@) -+{ -+ die qq|Unable to eval "$cf": $@.\n|; -+} -+else -+{ -+ close CONFIG; -+} - - # All these should be in the standard PERL library - unshift(@INC, $homedir); --- bounce-remind Mon Jan 3 14:35:32 2000 +++ bounce-remind.new Mon Jan 3 14:38:16 2000 @@ -24,10 +24,23 @@ @@ -84,33 +55,6 @@ } foreach (@requires) { ---- digest.orig Wed Jan 5 01:44:09 2000 -+++ digest Wed Jan 5 01:45:38 2000 -@@ -315,7 +315,23 @@ - # Read and execute the .cf file - $cf = $opt_c || $ENV{"MAJORDOMO_CF"} || - "%%PREFIX%%/majordomo/majordomo.cf"; -- require "$cf"; -+ -+if (not sysopen CONFIG,$cf,O_RDONLY) -+{ -+ die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : ''; -+} -+elsif ((stat CONFIG)[4] != $>) -+{ -+ die qq|Config file "$cf" not owned by effective UID.\n|; -+} -+elsif (eval(join '',<CONFIG>),$@) -+{ -+ die qq|Unable to eval "$cf": $@.\n|; -+} -+else -+{ -+ close CONFIG; -+} - - chdir($homedir); - --- majordomo Mon Jan 3 13:37:13 2000 +++ majordomo.new Mon Jan 3 14:15:29 2000 @@ -40,11 +40,23 @@ @@ -141,71 +85,3 @@ # Go to the home directory specified by the .cf file chdir("$homedir") || die "chdir to $homedir failed, $!\n"; ---- request-answer Mon Jan 3 14:35:32 2000 -+++ request-answer.new Mon Jan 3 15:09:02 2000 -@@ -20,10 +20,23 @@ - shift(@ARGV); - shift(@ARGV); - } --if (! -r $cf) { -- die("$cf not readable; stopped"); -+ -+if (not sysopen CONFIG,$cf,O_RDONLY) -+{ -+ die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : ''; - } --require "$cf"; -+elsif ((stat CONFIG)[4] != $>) -+{ -+ die qq|Config file "$cf" not owned by effective UID.\n|; -+} -+elsif (eval(join '',<CONFIG>),$@) -+{ -+ die qq|Unable to eval "$cf": $@.\n|; -+} -+else -+{ -+ close CONFIG; -+} - - chdir($homedir) || die("Can't chdir(\"$homedir\"): $!"); - unshift(@INC, $homedir); ---- resend Mon Jan 3 15:14:49 2000 -+++ resend.new Mon Jan 3 15:16:01 2000 -@@ -56,7 +56,7 @@ - if ($ARGV[0] =~ /^\@/) { - $fn = shift(@ARGV); - $fn =~ s/^@//; -- open(AV, $fn) || die("open(AV, \"$fn\"): $!\nStopped"); -+ sysopen(AV, $fn, O_RDONLY) || die("sysopen(AV, \"$fn\", O_RDONLY): $!\nStopped"); - undef($/); # set input field separator - $av = <AV>; # read whole file into string - close(AV); -@@ -84,11 +84,23 @@ - # Despite not having a place to send the remains of the body, - # it would be nice to send a message to root or postmaster, at least... - # --if (! -r $cf) { -- die("$cf not readable; stopped"); --} - --require "$cf"; -+if (not sysopen CONFIG,$cf,O_RDONLY) -+{ -+ die sprintf qq|Unable to sysopen config file "$cf"%s.\n|,$! ? ": $!" : ''; -+} -+elsif ((stat CONFIG)[4] != $>) -+{ -+ die qq|Config file "$cf" not owned by effective UID.\n|; -+} -+elsif (eval(join '',<CONFIG>),$@) -+{ -+ die qq|Unable to eval "$cf": $@.\n|; -+} -+else -+{ -+ close CONFIG; -+} - - chdir($homedir) || die("Can't chdir(\"$homedir\"): $!"); - |