author | tonnerre <tonnerre@pkgsrc.org> | 2008-07-13 15:26:36 +0000 |
---|---|---|
committer | tonnerre <tonnerre@pkgsrc.org> | 2008-07-13 15:26:36 +0000 |
commit | d842237cd2663eb37c2cb3d06fa32f1867ff949a (patch) | |
tree | d53c7f6928dff2c8f703e70dc22a1b568504f2e2 /sysutils/bacula/patches | |
parent | 8f4e2f70dbeb35e644cb993a0d527e77670e6f51 (diff) | |
download | pkgsrc-d842237cd2663eb37c2cb3d06fa32f1867ff949a.tar.gz |
Add patches "solving" the issue of bacula exposing passwords et cetera
through the command line parameters of various tools (CVE-2007-5626).
Diffstat (limited to 'sysutils/bacula/patches')
-rw-r--r-- | sysutils/bacula/patches/patch-ab | 26 | ||||
-rw-r--r-- | sysutils/bacula/patches/patch-ak | 13 |
2 files changed, 39 insertions, 0 deletions
diff --git a/sysutils/bacula/patches/patch-ab b/sysutils/bacula/patches/patch-ab
new file mode 100644
index 00000000000..6f645aabe7d
--- /dev/null
+++ b/sysutils/bacula/patches/patch-ab
@@ -0,0 +1,26 @@
+$NetBSD: patch-ab,v 1.1 2008/07/13 15:26:36 tonnerre Exp $
+
+--- src/cats/make_catalog_backup.in.orig 2007-04-24 17:36:15.000000000 +0200
++++ src/cats/make_catalog_backup.in
+@@ -8,7 +8,11 @@
+ # $2 is the user name with which to access the database
+ # (default = bacula).
+ # $3 is the password with which to access the database or "" if no password
+-# (default "")
++# (default ""). WARNING!!! Passing the password via the command line is
++# insecure and should not be used since any user can display the command
++# line arguments and the environment using ps. Please consult your
++# MySQL or PostgreSQL manual for secure methods of specifying the
++# password.
+ # $4 is the host on which the database is located
+ # (default "")
+ #
+@@ -31,7 +35,7 @@ else
+ else
+ MYSQLHOST=""
+ fi
+- ${BINDIR}/mysqldump -u $2$MYSQLPASSWORD$MYSQLHOST -f --opt $1 >$1.sql
++ ${BINDIR}/mysqldump -u ${2}${MYSQLPASSWORD}${MYSQLHOST} -f --opt $1 >$1.sql
+ else
+ if test xpostgresql = x@DB_TYPE@ ; then
+ if test $# -gt 2; then
diff --git a/sysutils/bacula/patches/patch-ak b/sysutils/bacula/patches/patch-ak
new file mode 100644
index 00000000000..09b4e85387e
--- /dev/null
+++ b/sysutils/bacula/patches/patch-ak
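Review bot: The rewritten `mysqldump` line in the second inner hunk still expands `${MYSQLPASSWORD}` into the command's argument list, so the exposure that the new header comment warns about (CVE-2007-5626) is unchanged. Replacing `$2` with `${2}` only changes how the variable names are delimited. `MYSQLPASSWORD` is assigned outside the hunk, presumably from `$3`, so this should be confirmed against the full script. I would have the script read the credentials from an option file readable only by the Bacula user and pass that file first on the command line, e.g. `${BINDIR}/mysqldump --defaults-extra-file="$MYCNF" -u "${2}"${MYSQLHOST} -f --opt "$1" >"$1.sql"`, where `MYCNF` is a placeholder name for that mode-0600 file; the PostgreSQL branch that begins at the end of the hunk could rely on a `.pgpass` file in the same way. Quoting `$1` as shown also keeps a database name containing whitespace from being split into several words.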
@@ -0,0 +1,13 @@
+$NetBSD: patch-ak,v 1.3 2008/07/13 15:26:36 tonnerre Exp $
+
+--- src/dird/bacula-dir.conf.in.orig 2007-05-27 21:30:39.000000000 +0200
++++ src/dird/bacula-dir.conf.in
+@@ -61,6 +61,8 @@ Job {
+ FileSet="Catalog"
+ Schedule = "WeeklyCycleAfterBackup"
+ # This creates an ASCII copy of the catalog
++ # WARNING!!! Passing the password via the command line is insecure.
++ # see comments in make_catalog_backup for details.
+ RunBeforeJob = "@scriptdir@/make_catalog_backup bacula bacula"
+ # This deletes the copy of the catalog
+ RunAfterJob = "@scriptdir@/delete_catalog_backup" |
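Review bot: The added warning sits directly above a `RunBeforeJob` line that passes only two arguments, and the make_catalog_backup header describes the password as the third, so the comment does not tell an administrator what to avoid. I would word it as `# WARNING: do not append the database password as a third argument here;` followed by `# command-line arguments are visible to other local users via ps.` and keep the pointer to make_catalog_backup for the alternatives. The `Job` block starts and ends outside the hunk.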