From b2b3b4bb73ac7836c6d327bb8139989380e9c9cb Mon Sep 17 00:00:00 2001 From: Doug Barton Date: Tue, 25 Sep 2001 07:08:47 +0000 Subject: This patch comes from the ht://Dig maintainers, and fixes a possible security vulnerability. Quoting from their e-mail announcement: There is a security vulnerability in all versions of htsearch between 3.1.0b2 and 3.1.5 . . . The hole can allow a remote user to pick a file on your system for the config file that the UID running the webserver can read. With a default ports install the httpd user should be nobody, which makes the vulnerability small. --- textproc/htdig/files/patch-htsearch_cc | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 textproc/htdig/files/patch-htsearch_cc (limited to 'textproc/htdig') diff --git a/textproc/htdig/files/patch-htsearch_cc b/textproc/htdig/files/patch-htsearch_cc new file mode 100644 index 000000000000..5a92dba57454 --- /dev/null +++ b/textproc/htdig/files/patch-htsearch_cc @@ -0,0 +1,24 @@ +--- htsearch/htsearch.cc.Dist Thu Feb 24 18:29:11 2000 ++++ htsearch/htsearch.cc Mon Sep 24 23:57:28 2001 +@@ -77,9 +77,18 @@ + switch (c) + { + case 'c': +- configFile = optarg; +- override_config=1; +- break; ++ // The default is obviously to do this securely ++ // but if people want to shoot themselves in the foot... ++#ifndef ALLOW_INSECURE_CGI_CONFIG ++ if (!getenv("REQUEST_METHOD")) ++ { ++#endif ++ configFile = optarg; ++ override_config=1; ++#ifndef ALLOW_INSECURE_CGI_CONFIG ++ } ++#endif ++ break; + case 'v': + debug++; + break; -- cgit v1.2.3