authorsalo <salo>2006-08-09 17:58:09 +0000
committersalo <salo>2006-08-09 17:58:09 +0000
commit056a5b61c5d924d899d39ff66a6272fc133a3462 (patch)
tree328938a09e45882df902e23fff94a3b7f7f6c8fb /security/heimdal
parent1fd981cae252ff86216c18be3b910367bc1b6df5 (diff)
Security fix for SA21436:
"A security issue has been reported in Heimdal, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to missing checks for whether the "setuid()" call has succeeded in the bundled rcp application. This may be exploited to perform certain actions with root privileges if the "setuid()" call fails due to e.g. resource limits." http://secunia.com/advisories/21436/ http://www.pdc.kth.se/heimdal/advisory/2006-08-08/ Bump PKGREVISION.
Diffstat (limited to 'security/heimdal')
-rw-r--r--security/heimdal/Makefile4
-rw-r--r--security/heimdal/distinfo7
-rw-r--r--security/heimdal/patches/patch-am25
-rw-r--r--security/heimdal/patches/patch-an145
-rw-r--r--security/heimdal/patches/patch-ao44
-rw-r--r--security/heimdal/patches/patch-ap16
-rw-r--r--security/heimdal/patches/patch-aq16
7 files changed, 254 insertions, 3 deletions
diff --git a/security/heimdal/Makefile b/security/heimdal/Makefile
index 0ba7288631c..f775ba9156a 100644
--- a/security/heimdal/Makefile
+++ b/security/heimdal/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.61 2006/07/05 04:39:14 jlam Exp $
+# $NetBSD: Makefile,v 1.62 2006/08/09 17:58:09 salo Exp $
DISTNAME= heimdal-0.7.2
-PKGREVISION= 2
+PKGREVISION= 3
CATEGORIES= security
MASTER_SITES= ftp://ftp.pdc.kth.se/pub/heimdal/src/ \
ftp://ftp.sunet.se/pub/unix/admin/mirror-pdc/heimdal/src/
diff --git a/security/heimdal/distinfo b/security/heimdal/distinfo
index 6a76dc9b8d5..1b6df19420f 100644
--- a/security/heimdal/distinfo
+++ b/security/heimdal/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.20 2006/07/05 04:39:14 jlam Exp $
+$NetBSD: distinfo,v 1.21 2006/08/09 17:58:09 salo Exp $
SHA1 (heimdal-0.7.2.tar.gz) = a902e6ad7c31d940b588dc0235b348936f0d719d
RMD160 (heimdal-0.7.2.tar.gz) = 0f028a9d5a6a66e8efc0397e4d8c8adc2183b409
@@ -6,3 +6,8 @@ Size (heimdal-0.7.2.tar.gz) = 4525734 bytes
SHA1 (patch-ac) = 313c0a1f91e4f9546ae906f981adae0d499dd9cf
SHA1 (patch-ad) = a7cfc038e76f8c3da38f8eb0ee48a7f8c7a9c7df
SHA1 (patch-al) = 6035ef920b1a005902ae021b307fc4c3efc77449
+SHA1 (patch-am) = 538c0c3bb8806bdd3691d490ea4ceafc7acc0ca7
+SHA1 (patch-an) = 2f414a50520a345f3c875220d2b001516933fbac
+SHA1 (patch-ao) = 7401ad7a47ed8541663193f71bd52feafeeeb045
+SHA1 (patch-ap) = 4c28d64ecf1c55d7eb02d0be1cf3efeff81339c6
+SHA1 (patch-aq) = 3ac32c49d5880813998b5bfe8c474fbb87218cba
diff --git a/security/heimdal/patches/patch-am b/security/heimdal/patches/patch-am
new file mode 100644
index 00000000000..b55e4f44837
--- /dev/null
+++ b/security/heimdal/patches/patch-am
@@ -0,0 +1,25 @@
+$NetBSD: patch-am,v 1.1 2006/08/09 17:58:09 salo Exp $
+
+Security fix for SA21436.
+
+--- appl/dceutils/k5dcecon.c.orig 2002-08-09 15:19:41.000000000 +0200
++++ appl/dceutils/k5dcecon.c 2006-08-09 19:42:15.000000000 +0200
+@@ -71,7 +71,7 @@
+ #endif
+
+ #ifdef __hpux
+-#define seteuid(A) setresuid(-1,A,-1);
++#define seteuid(A) setresuid(-1,A,-1)
+ #endif
+
+
+@@ -549,7 +549,8 @@ int k5dcecreate(luid, luser, pname, krbt
+ */
+
+ if (uid == 0) {
+- seteuid(luid);
++ if (seteuid(luid) < 0)
++ goto abort;
+ }
+
+ cp = strchr(pname,'@');
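Review bot: The repaired HP-UX macro still expands its argument unparenthesized, and it is now used inside a condition, so `#define seteuid(A) setresuid(-1, (A), -1)` would be the safer form. The new check in k5dcecreate only takes effect through the `abort` label, which lies outside this hunk, so it cannot be confirmed from here that the failure is reported or that nothing more runs as root on that path. A short comment above the check, such as `/* never continue as root if the drop to luid fails */`, would record why the return value matters.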
diff --git a/security/heimdal/patches/patch-an b/security/heimdal/patches/patch-an
new file mode 100644
index 00000000000..78879014233
--- /dev/null
+++ b/security/heimdal/patches/patch-an
@@ -0,0 +1,145 @@
+$NetBSD: patch-an,v 1.1 2006/08/09 17:58:09 salo Exp $
+
+Security fix for SA21436.
+
+--- appl/ftp/ftpd/ftpd.c.orig 2005-06-02 12:41:28.000000000 +0200
++++ appl/ftp/ftpd/ftpd.c 2006-08-09 19:42:15.000000000 +0200
+@@ -138,9 +138,9 @@ static int handleoobcmd(void);
+ static int checkuser (char *, char *);
+ static int checkaccess (char *);
+ static FILE *dataconn (const char *, off_t, const char *);
+-static void dolog (struct sockaddr *sa, int len);
++static void dolog (struct sockaddr *, int);
+ static void end_login (void);
+-static FILE *getdatasock (const char *);
++static FILE *getdatasock (const char *, int);
+ static char *gunique (char *);
+ static RETSIGTYPE lostconn (int);
+ static int receive_data (FILE *, FILE *);
+@@ -835,7 +835,8 @@ static void
+ end_login(void)
+ {
+
+- seteuid((uid_t)0);
++ if (seteuid((uid_t)0) < 0)
++ fatal("Failed to seteuid");
+ if (logged_in)
+ ftpd_logwtmp(ttyline, "", "");
+ pw = NULL;
+@@ -1208,14 +1209,15 @@ done:
+ }
+
+ static FILE *
+-getdatasock(const char *mode)
++getdatasock(const char *mode, int domain)
+ {
+ int s, t, tries;
+
+ if (data >= 0)
+ return (fdopen(data, mode));
+- seteuid(0);
+- s = socket(ctrl_addr->sa_family, SOCK_STREAM, 0);
++ if (seteuid(0) < 0)
++ fatal("Failed to seteuid");
++ s = socket(domain, SOCK_STREAM, 0);
+ if (s < 0)
+ goto bad;
+ socket_set_reuseaddr (s, 1);
+@@ -1232,7 +1234,8 @@ getdatasock(const char *mode)
+ goto bad;
+ sleep(tries);
+ }
+- seteuid(pw->pw_uid);
++ if (seteuid(pw->pw_uid) < 0)
++ fatal("Failed to seteuid");
+ #ifdef IPTOS_THROUGHPUT
+ socket_set_tos (s, IPTOS_THROUGHPUT);
+ #endif
+@@ -1240,7 +1243,8 @@ getdatasock(const char *mode)
+ bad:
+ /* Return the real value of errno (close may change it) */
+ t = errno;
+- seteuid((uid_t)pw->pw_uid);
++ if (seteuid((uid_t)pw->pw_uid) < 0)
++ fatal("Failed to seteuid");
+ close(s);
+ errno = t;
+ return (NULL);
+@@ -1271,7 +1275,7 @@ dataconn(const char *name, off_t size, c
+ {
+ char sizebuf[32];
+ FILE *file;
+- int retry = 0;
++ int domain, retry = 0;
+
+ file_size = size;
+ byte_count = 0;
+@@ -1318,7 +1322,15 @@ dataconn(const char *name, off_t size, c
+ if (usedefault)
+ data_dest = his_addr;
+ usedefault = 1;
+- file = getdatasock(mode);
++ /*
++ * Default to using the same socket type as the ctrl address,
++ * unless we know the type of the data address.
++ */
++ domain = data_dest->sa_family;
++ if (domain == PF_UNSPEC)
++ domain = ctrl_addr->sa_family;
++
++ file = getdatasock(mode, domain);
+ if (file == NULL) {
+ char data_addr[256];
+
+@@ -1889,11 +1901,11 @@ dologout(int status)
+ transflag = 0;
+ urgflag = 0;
+ if (logged_in) {
+- seteuid((uid_t)0);
+- ftpd_logwtmp(ttyline, "", "");
+ #ifdef KRB4
+ cond_kdestroy();
+ #endif
++ seteuid((uid_t)0); /* No need to check, we call exit() below */
++ ftpd_logwtmp(ttyline, "", "");
+ }
+ /* beware of flushing buffers after a SIGPIPE */
+ #ifdef XXX
+@@ -2006,12 +2018,15 @@ pasv(void)
+ 0);
+ socket_set_portrange(pdata, restricted_data_ports,
+ pasv_addr->sa_family);
+- seteuid(0);
++ if (seteuid(0) < 0)
++ fatal("Failed to seteuid");
+ if (bind(pdata, pasv_addr, socket_sockaddr_size (pasv_addr)) < 0) {
+- seteuid(pw->pw_uid);
++ if (seteuid(pw->pw_uid) < 0)
++ fatal("Failed to seteuid");
+ goto pasv_error;
+ }
+- seteuid(pw->pw_uid);
++ if (seteuid(pw->pw_uid) < 0)
++ fatal("Failed to seteuid");
+ len = sizeof(pasv_addr_ss);
+ if (getsockname(pdata, pasv_addr, &len) < 0)
+ goto pasv_error;
+@@ -2050,12 +2065,15 @@ epsv(char *proto)
+ 0);
+ socket_set_portrange(pdata, restricted_data_ports,
+ pasv_addr->sa_family);
+- seteuid(0);
++ if (seteuid(0) < 0)
++ fatal("Failed to seteuid");
+ if (bind(pdata, pasv_addr, socket_sockaddr_size (pasv_addr)) < 0) {
+- seteuid(pw->pw_uid);
++ if (seteuid(pw->pw_uid))
++ fatal("Failed to seteuid");
+ goto pasv_error;
+ }
+- seteuid(pw->pw_uid);
++ if (seteuid(pw->pw_uid) < 0)
++ fatal("Failed to seteuid");
+ len = sizeof(pasv_addr_ss);
+ if (getsockname(pdata, pasv_addr, &len) < 0)
+ goto pasv_error;
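Review bot: The getdatasock()/dataconn() hunks change which address family the data socket is created with (`domain = data_dest->sa_family`, falling back to `ctrl_addr->sa_family`), which appears unrelated to the unchecked seteuid() calls the advisory describes, yet the patch header says only "Security fix for SA21436". I would add a header line such as `Also selects the data socket family from the data address.` so the behaviour change is visible to whoever later audits or drops this patch. In epsv() the first restore is written `if (seteuid(pw->pw_uid))` while every other check uses `< 0`; `if (seteuid(pw->pw_uid) < 0)` keeps them uniform. Every call site passes the same `"Failed to seteuid"` string, so whatever fatal() reports cannot distinguish a failed raise to root from a failed drop back to the user; distinct messages would help triage. The functions touched all continue outside the hunks shown.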
diff --git a/security/heimdal/patches/patch-ao b/security/heimdal/patches/patch-ao
new file mode 100644
index 00000000000..342e457a8f8
--- /dev/null
+++ b/security/heimdal/patches/patch-ao
@@ -0,0 +1,44 @@
+$NetBSD: patch-ao,v 1.1 2006/08/09 17:58:09 salo Exp $
+
+Security fix for SA21436.
+
+--- appl/rcp/rcp.c.orig 2005-05-11 13:04:30.000000000 +0200
++++ appl/rcp/rcp.c 2006-08-09 19:42:15.000000000 +0200
+@@ -119,13 +119,15 @@ main(int argc, char **argv)
+
+ if (fflag) { /* Follow "protocol", send data. */
+ response();
+- setuid(userid);
++ if (setuid(userid) < 0)
++ errx(1, "setuid failed");
+ source(argc, argv);
+ exit(errs);
+ }
+
+ if (tflag) { /* Receive data. */
+- setuid(userid);
++ if (setuid(userid) < 0)
++ errx(1, "setuid failed");
+ sink(argc, argv);
+ exit(errs);
+ }
+@@ -221,7 +223,8 @@ toremote(char *targ, int argc, char **ar
+ if (response() < 0)
+ exit(1);
+ free(bp);
+- setuid(userid);
++ if (setuid(userid) < 0)
++ errx(1, "setuid failed");
+ }
+ source(1, argv+i);
+ }
+@@ -270,7 +273,8 @@ tolocal(int argc, char **argv)
+ }
+ free(bp);
+ sink(1, argv + argc - 1);
+- seteuid(0);
++ if (seteuid(0) < 0)
++ exit(1);
+ close(remin);
+ remin = remout = -1;
+ }
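Review bot: The check added in tolocal() ends the program with a bare `exit(1)`, so a failed `seteuid(0)` leaves no message, unlike the three setuid() checks above it; `errx(1, "seteuid failed");` would match them. Since the advisory attributes the failure to conditions such as resource limits, using `err(1, "setuid")` in place of `errx(1, "setuid failed")` would also print the errno text and make the cause visible to whoever investigates. main(), toremote() and tolocal() all continue outside the hunks shown.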
diff --git a/security/heimdal/patches/patch-ap b/security/heimdal/patches/patch-ap
new file mode 100644
index 00000000000..0cf6ab9a525
--- /dev/null
+++ b/security/heimdal/patches/patch-ap
@@ -0,0 +1,16 @@
+$NetBSD: patch-ap,v 1.1 2006/08/09 17:58:09 salo Exp $
+
+Security fix for SA21436.
+
+--- appl/rcp/util.c.orig 2005-04-18 09:52:58.000000000 +0200
++++ appl/rcp/util.c 2006-08-09 19:42:15.000000000 +0200
+@@ -112,7 +112,8 @@ susystem(s, userid)
+ return (127);
+
+ case 0:
+- (void)setuid(userid);
++ if (setuid(userid) < 0)
++ _exit(127);
+ execl(_PATH_BSHELL, "sh", "-c", s, NULL);
+ _exit(127);
+ }
diff --git a/security/heimdal/patches/patch-aq b/security/heimdal/patches/patch-aq
new file mode 100644
index 00000000000..eeb146f1426
--- /dev/null
+++ b/security/heimdal/patches/patch-aq
@@ -0,0 +1,16 @@
+$NetBSD: patch-aq,v 1.1 2006/08/09 17:58:09 salo Exp $
+
+Security fix for SA21436.
+
+--- lib/roken/iruserok.c.orig 2005-04-12 13:28:54.000000000 +0200
++++ lib/roken/iruserok.c 2006-08-09 19:42:15.000000000 +0200
+@@ -250,7 +250,8 @@ again:
+ * are protected read/write owner only.
+ */
+ uid = geteuid();
+- seteuid(pwd->pw_uid);
++ if (seteuid(pwd->pw_uid) < 0)
++ return (-1);
+ hostf = fopen(pbuf, "r");
+ seteuid(uid);
+
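Review bot: The restore on the line after fopen(), `seteuid(uid);`, is still unchecked, so only half of the identity switch is verified by this change. If that call fails, the caller carries on with the target user's effective uid instead of the one saved by `geteuid()`. Checking it as well, for example `if (seteuid(uid) < 0) { if (hostf != NULL) fclose(hostf); return (-1); }`, would close that gap. The function continues outside the hunk, so how later code depends on the restored uid, and whether `-1` is the right failure value at that point, should be confirmed against the full file.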