aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBaptiste Daroussin <bapt@FreeBSD.org>2016-08-20 16:41:14 +0000
committerBaptiste Daroussin <bapt@FreeBSD.org>2016-08-20 16:41:14 +0000
commit0e9ca16beb49a96e4e85479db7f29562d0db7de8 (patch)
tree47c9fdd5864e8626364cfcc30ad33137a0aba5fb
parentf5a1fd97b05128340ab834c6868b38fc94d33d5c (diff)
downloadports-0e9ca16beb49a96e4e85479db7f29562d0db7de8.tar.gz
ports-0e9ca16beb49a96e4e85479db7f29562d0db7de8.zip
MFH: r420518
Incorporate a patch from upstream Affecting DragonFly 4.6 and earlier, Matt Dillon fixed this in base after finding out from BSDNow Episode 152. Comments following were from his commit which explains better than I. Just taking his change and putting it here as well. * dma makes an age-old mistake of not properly checking whether a file owned by a user is a symlink or not, a bug which the original mail.local also had. * Add O_NOFOLLOW to disallow symlinks. Thanks-to: BSDNow Episode 152, made me dive dma to check when they talked about the mail.local bug.
Notes
Notes: svn path=/branches/2016Q3/; revision=420519
-rw-r--r--mail/dma/Makefile2
-rw-r--r--mail/dma/files/fix-security-hole.patch34
2 files changed, 36 insertions, 0 deletions
diff --git a/mail/dma/Makefile b/mail/dma/Makefile
index 195078c00dcd..e3c0aae6f124 100644
--- a/mail/dma/Makefile
+++ b/mail/dma/Makefile
@@ -3,6 +3,7 @@
PORTNAME= dma
PORTVERSION= 0.11
+PORTREVISION= 1
DISTVERSIONPREFIX= v
PORTEPOCH= 1
CATEGORIES= mail ipv6
@@ -31,6 +32,7 @@ MAKE_ENV= __MAKE_CONF=/dev/null SRCCONF=/dev/null NO_WERROR=defined \
USE_RC_SUBR= dma_flushq
SUB_FILES= pkg-message
+EXTRA_PATCHES= ${FILESDIR}/fix-security-hole.patch:-p1
# Allow subports to extend.
CONFFILES+= dma.conf auth.conf
diff --git a/mail/dma/files/fix-security-hole.patch b/mail/dma/files/fix-security-hole.patch
new file mode 100644
index 000000000000..9efd7bd76985
--- /dev/null
+++ b/mail/dma/files/fix-security-hole.patch
@@ -0,0 +1,34 @@
+From f249aa412dd4a09881cb450390d1003815bd0013 Mon Sep 17 00:00:00 2001
+From: Zach Crownover <zachary.crownover@gmail.com>
+Date: Fri, 5 Aug 2016 15:24:27 -0700
+Subject: [PATCH] dma - Fix security hole (#46)
+
+Affecting DragonFly 4.6 and earlier, Matt Dillon fixed this in base after
+finding out from BSDNow Episode 152. Comments following were from his commit
+which explains better than I. Just taking his change and putting it here as well.
+
+* dma makes an age-old mistake of not properly checking whether a file
+ owned by a user is a symlink or not, a bug which the original mail.local
+ also had.
+
+* Add O_NOFOLLOW to disallow symlinks.
+
+Thanks-to: BSDNow Episode 152, made me dive dma to check when they talked
+ about the mail.local bug.
+---
+ dma-mbox-create.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/dma-mbox-create.c b/dma-mbox-create.c
+index 532a7af..45a4792 100644
+--- a/dma-mbox-create.c
++++ b/dma-mbox-create.c
+@@ -142,7 +142,7 @@ main(int argc, char **argv)
+ logfail(EX_CANTCREAT, "cannot build mbox path for `%s/%s'", _PATH_MAILDIR, user);
+ }
+
+- f = open(fn, O_RDONLY|O_CREAT, 0600);
++ f = open(fn, O_RDONLY|O_CREAT|O_NOFOLLOW, 0600);
+ if (f < 0)
+ logfail(EX_NOINPUT, "cannt open mbox `%s'", fn);
+