summaryrefslogtreecommitdiff
path: root/chat
diff options
context:
space:
mode:
authorsalo <salo@pkgsrc.org>2005-09-13 22:02:24 +0000
committersalo <salo@pkgsrc.org>2005-09-13 22:02:24 +0000
commitb5870e3006cf06f134f41ca3aa68c29dd9fcdeb2 (patch)
treed27b8e74772a5322594b27cce963686aad5baf62 /chat
parent234d154cbbdebf9188420e17708f67759554459b (diff)
downloadpkgsrc-b5870e3006cf06f134f41ca3aa68c29dd9fcdeb2.tar.gz
Security fix:
- fix insecure file creation in /tmp, patch from silc cvs the impact of this issue is very low. it allows an attacker to overwrite arbitrary files owned by the user running silcd ("silcd", in pkgsrc) IFF the owner of the process or root send SIGUSR1 signal to the process to dump stats. the only file owned by the "silcd" user is typically the log file which resides in a directory inaccessible by anyone except the user itself and root so the potential attacker would need to guess its name. http://www.zataz.net/adviso/silc-server-toolkit-06152005.txt please note that the advisory also incorrectly states that silc-toolkit is vulnerable too. the code in question is never compiled in the toolkit so it's not affected. Bump PKGREVISION.
Diffstat (limited to 'chat')
-rw-r--r--chat/silc-server/Makefile3
-rw-r--r--chat/silc-server/distinfo3
-rw-r--r--chat/silc-server/patches/patch-ac30
3 files changed, 34 insertions, 2 deletions
diff --git a/chat/silc-server/Makefile b/chat/silc-server/Makefile
index 9f5349899a9..2da34292713 100644
--- a/chat/silc-server/Makefile
+++ b/chat/silc-server/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.41 2005/08/23 11:48:47 rillig Exp $
+# $NetBSD: Makefile,v 1.42 2005/09/13 22:02:24 salo Exp $
#
DISTNAME= silc-server-1.0
+PKGREVISION= 1
CATEGORIES= chat security
MASTER_SITES= http://www.silcnet.org/download/server/sources/ \
ftp://ftp.silcnet.org/silc/server/sources/ \
diff --git a/chat/silc-server/distinfo b/chat/silc-server/distinfo
index 9dd9d0fe6b2..32200de7228 100644
--- a/chat/silc-server/distinfo
+++ b/chat/silc-server/distinfo
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.28 2005/06/19 01:22:17 salo Exp $
+$NetBSD: distinfo,v 1.29 2005/09/13 22:02:24 salo Exp $
SHA1 (silc-server-1.0.tar.bz2) = bcf440c89b3266f47e64a8f175ffba117f071899
RMD160 (silc-server-1.0.tar.bz2) = 0316e72d48ca8b4d092db8765807d97ab659b317
Size (silc-server-1.0.tar.bz2) = 969309 bytes
SHA1 (patch-aa) = 3b189047000593b36305f23301987982706355dc
SHA1 (patch-ab) = 55b3f00076c5b8a443465753ae07b9e812236f18
+SHA1 (patch-ac) = f167cadd94656cac0ad5edba577b2035cfe9b216
diff --git a/chat/silc-server/patches/patch-ac b/chat/silc-server/patches/patch-ac
new file mode 100644
index 00000000000..a78465ac4c2
--- /dev/null
+++ b/chat/silc-server/patches/patch-ac
@@ -0,0 +1,30 @@
+$NetBSD: patch-ac,v 1.12 2005/09/13 22:02:24 salo Exp $
+
+--- apps/silcd/silcd.c.orig 2005-05-10 15:22:52.000000000 +0200
++++ apps/silcd/silcd.c 2005-09-13 21:06:01.000000000 +0200
+@@ -261,14 +261,22 @@
+ SILC_TASK_CALLBACK(dump_stats)
+ {
+ FILE *fdd;
++ int fild;
+ char filename[256];
+
+ memset(filename, 0, sizeof(filename));
+- snprintf(filename, sizeof(filename) - 1, "/tmp/silcd.%d.stats", getpid());
+- fdd = fopen(filename, "w+");
+- if (!fdd)
++ snprintf(filename, sizeof(filename) - 1, "/tmp/silcd.%d.stats-XXXXXX", getpid());
++ fild = mkstemp(filename);
++ if (fild == -1)
+ return;
+
++ fdd = fdopen(fild, "w");
++ if (fdd == NULL) {
++ close(fild);
++ unlink(filename);
++ return;
++ }
++
+ #define STAT_OUTPUT(fmt, stat) fprintf(fdd, fmt "\n", (int)stat);
+
+ fprintf(fdd, "SILC Server %s Statistics\n\n", silcd->server_name);