-rw-r--r-- | sysutils/tcx/DESCR | 8 | ||||
-rw-r--r-- | sysutils/tcx/MESSAGE | 11 | ||||
-rw-r--r-- | sysutils/tcx/Makefile | 17 | ||||
-rw-r--r-- | sysutils/tcx/PLIST | 3 | ||||
-rw-r--r-- | sysutils/tcx/distinfo | 8 | ||||
-rw-r--r-- | sysutils/tcx/patches/patch-aa | 29 | ||||
-rw-r--r-- | sysutils/tcx/patches/patch-ab | 41 | ||||
-rw-r--r-- | sysutils/tcx/patches/patch-ac | 172 | ||||
-rw-r--r-- | sysutils/tcx/patches/patch-ad | 36 |
9 files changed, 325 insertions, 0 deletions
diff --git a/sysutils/tcx/DESCR b/sysutils/tcx/DESCR
new file mode 100644
index 00000000000..7e6e0a5d6f2
--- /dev/null
+++ b/sysutils/tcx/DESCR
@@ -0,0 +1,8 @@
+TCX is a system designed for the transparent decompression, execution
+and recompression of executables under Unix. It allows configuration
+options such as the type of compression system used (compress(1),
+gzip(1), your own local system etc), timeouts between recompressions,
+and emergency directories in case a decompression fails from shortage
+of disk space. The system is designed with a reasonable amount of
+robustness in mind, such as in the event of system crashes, or races
+on trying to uncompress, compress or execute something.
diff --git a/sysutils/tcx/MESSAGE b/sysutils/tcx/MESSAGE
new file mode 100644
index 00000000000..e1efe372a7f
--- /dev/null
+++ b/sysutils/tcx/MESSAGE
@@ -0,0 +1,11 @@
+===========================================================================
+$NetBSD: MESSAGE,v 1.1.1.1 2003/06/23 13:55:24 agc Exp $
+
+ WARNING - this package contains a setuid root executable called
+ untcx, which was written in 1994, and contained calls to getwd(3),
+ sprintf(3), strcpy(3) and strcat(3). I've done a minor audit of
+ the code, and have fixed the above functions with calls to safer
+ alternatives, but you may wish to delete this package from your
+ own systems until you have carried out your own audit.
+
+===========================================================================
diff --git a/sysutils/tcx/Makefile b/sysutils/tcx/Makefile
new file mode 100644
index 00000000000..2793ad7b808
--- /dev/null
+++ b/sysutils/tcx/Makefile
@@ -0,0 +1,17 @@
+# $NetBSD: Makefile,v 1.1.1.1 2003/06/23 13:55:24 agc Exp $
+
+DISTNAME= tcx-linux
+PKGNAME= tcx-19940124
+CATEGORIES= sysutils
+MASTER_SITES= ftp://ibiblio.unc.edu/pub/Linux/utils/compress/
+
+MAINTAINER= packages@netbsd.org
+#HOMEPAGE=
+COMMENT= transparently compress executables
+
+WRKSRC= ${WRKDIR}/tcx
+
+post-patch:
+ cd ${WRKSRC}; ${MV} config.h config.h-pre; ${SED} -e 's|@PREFIX@|"${PREFIX}"|g' < config.h-pre > config.h
+
+.include "../../mk/bsd.pkg.mk"
diff --git a/sysutils/tcx/PLIST b/sysutils/tcx/PLIST
new file mode 100644
index 00000000000..7d260a722be
--- /dev/null
+++ b/sysutils/tcx/PLIST
@@ -0,0 +1,3 @@
+@comment $NetBSD: PLIST,v 1.1.1.1 2003/06/23 13:55:24 agc Exp $
+bin/tcx
+bin/untcx
diff --git a/sysutils/tcx/distinfo b/sysutils/tcx/distinfo
new file mode 100644
index 00000000000..8cdbfe698a3
--- /dev/null
+++ b/sysutils/tcx/distinfo
@@ -0,0 +1,8 @@
+$NetBSD: distinfo,v 1.1.1.1 2003/06/23 13:55:24 agc Exp $
+
+SHA1 (tcx-linux.tar.gz) = 73c112fc39cbfb794fe0f6b0d2e15739ee1c9f5a
+Size (tcx-linux.tar.gz) = 21028 bytes
+SHA1 (patch-aa) = 2e03b68d4c4ed05757fe788649eede461a11a4e5
+SHA1 (patch-ab) = 5e7e7247783090e3029504f80440b6faebe1d1dd
+SHA1 (patch-ac) = 9a285e8365a3e0151fd37e2bf86ee8c346599e3b
+SHA1 (patch-ad) = 5ba81fcec1e674054c532fc3c70a8a6d8f17c350
diff --git a/sysutils/tcx/patches/patch-aa b/sysutils/tcx/patches/patch-aa
new file mode 100644
index 00000000000..920e08a5b90
--- /dev/null
+++ b/sysutils/tcx/patches/patch-aa
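Review bot: The `post-patch` recipe chains its three commands with `;`, so only the exit status of the final `${SED}` decides whether the rule fails, and a failed `cd ${WRKSRC}` or `${MV}` is not caught where it happens. This step writes the path of the setuid helper into config.h, so it should stop at the first error: `cd ${WRKSRC} && ${MV} config.h config.h-pre && ${SED} -e 's|@PREFIX@|"${PREFIX}"|g' < config.h-pre > config.h`.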
@@ -0,0 +1,29 @@
+$NetBSD: patch-aa,v 1.1.1.1 2003/06/23 13:55:24 agc Exp $
+
+--- Makefile 2003/05/19 15:39:04 1.1
++++ Makefile 2003/05/19 16:01:40
+@@ -6,11 +6,11 @@
+
+ # C compiler of your choice. Should be ansi'ish
+ #CC = cc # IRIX, ULTRIX
+-CC = gcc # SUNOS, LINUX
++#CC = gcc # SUNOS, LINUX
+ #CC = c++ # try & see?
+
+ # Cflags of choice.
+-CFLAGS = -s -O6 -Wall
++#CFLAGS = -s -O6 -Wall
+
+
+ # Any libraries
+@@ -29,4 +29,9 @@
+ shar -c -l 45 -o tcx README VERSION COPYING Makefile tcx.1 untcx.1 tcx.c config.h untcx.c
+
+ clean:
+- /bin/rm -f *.o tcx untcx
++ rm -f *.o tcx untcx
++
++install:
++ ${BSD_INSTALL_PROGRAM} tcx ${PREFIX}/bin
++ ${BSD_INSTALL_PROGRAM} untcx ${PREFIX}/bin
++ chmod 4755 ${PREFIX}/bin/untcx
diff --git a/sysutils/tcx/patches/patch-ab b/sysutils/tcx/patches/patch-ab
new file mode 100644
index 00000000000..6cf1712371d
--- /dev/null
+++ b/sysutils/tcx/patches/patch-ab
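Review bot: The last line of the added `install` target, `chmod 4755 ${PREFIX}/bin/untcx`, is the step that makes untcx setuid, and nothing beside it says why the bit is needed or points at the audit caveat. A comment such as `# untcx must run setuid root (see PATHUNTCX in config.h); audit status is in MESSAGE` would keep the privilege visible to whoever edits this target later. If nothing needs to rewrite the installed binary, `chmod 4555` would be the tighter mode.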
@@ -0,0 +1,41 @@
+$NetBSD: patch-ab,v 1.1.1.1 2003/06/23 13:55:24 agc Exp $
+
+--- config.h 2003/05/19 16:02:37 1.1
++++ config.h 2003/05/19 16:03:51
+@@ -23,7 +23,7 @@
+ /* Define one of the following where appropriate */
+ /************************************************************************/
+
+-#define LINUX
++/* #define LINUX */
+ /* #define SUNOS */
+ /* #define IRIX */
+ /* #define ULTRIX */
+@@ -45,14 +45,14 @@
+ /* since PATHUNTCX must run setuid to root. */
+ /************************************************************************/
+
+-#define PATHUNTCX "/usr/local/bin/untcx"
++#define PATHUNTCX @PREFIX@ "/bin/untcx"
+
+ /************************************************************************/
+ /* PATHTCX is the pathname to the tcx executable. This does not have to*/
+ /* be installed setuid. */
+ /************************************************************************/
+
+-#define PATHTCX "/usr/local/bin/tcx"
++#define PATHTCX @PREFIX@ "/bin/tcx"
+
+ /************************************************************************/
+ /* PATHPACKER is the pathname to the compression program you wish to use*/
+@@ -143,6 +143,10 @@
+ #define PUSLEEP(x) (usleep(x))
+ #endif
+
++#ifndef PUSLEEP
++#define PUSLEEP(x) (usleep(x))
++#endif
++
+ #include <stdlib.h>
+ #include <unistd.h>
+ #include <sys/time.h>
diff --git a/sysutils/tcx/patches/patch-ac b/sysutils/tcx/patches/patch-ac
new file mode 100644
index 00000000000..2ce1e46145f
--- /dev/null
+++ b/sysutils/tcx/patches/patch-ac
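Review bot: After the first inner hunk none of the platform macros (LINUX, SUNOS, IRIX, ULTRIX) is defined, and the only compensation visible in this patch is the `#ifndef PUSLEEP` fallback in the third inner hunk. Every other platform conditional in tcx.c and untcx.c now silently takes its fallback branch. The `#else` branch with `setreuid(getuid(), getuid())` shown as context in patch-ac suggests the uid handling of the setuid helper may be one of them, though its `#if` condition is not visible. I would add a comment at the disabled define, for example `/* pkgsrc: no platform macro is set; all LINUX/SUNOS/IRIX/ULTRIX conditionals use their fallback branch, including uid handling in untcx.c */`, and confirm which branch is compiled.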
@@ -0,0 +1,172 @@
+$NetBSD: patch-ac,v 1.1.1.1 2003/06/23 13:55:24 agc Exp $
+
+Minor security audit - the world has moved on since 1994.
+
+--- untcx.c 2003/06/20 07:59:56 1.1
++++ untcx.c 2003/06/20 08:09:26
+@@ -166,9 +166,9 @@
+
+ /* Set global paths */
+
+- (void)sprintf(logpath, "%s/log", ENFSDIR);
+- (void)sprintf(logtmppath, "%s/logtmp", ENFSDIR);
+- (void)sprintf(lockpath, "%s/.lock", ENFSDIR);
++ (void)snprintf(logpath, sizeof(logpath), "%s/log", ENFSDIR);
++ (void)snprintf(logtmppath, sizeof(logtmppath), "%s/logtmp", ENFSDIR);
++ (void)snprintf(lockpath, sizeof(lockpath), "%s/.lock", ENFSDIR);
+
+ /* Check and start tcxd as required */
+
+@@ -185,16 +185,16 @@
+
+ /* Grab argv[0] and resolve to full path name via getwd() */
+
+- if(getwd(cwd) == NULL)
++ if(getcwd(cwd, sizeof(cwd)) == NULL)
+ {
+ (void)fprintf(stderr, "Get Working Directory Error: %s\n", cwd);
+ exit(-1);
+ }
+
+ if(*argv[0] == '/')
+- (void)strcpy(realdir, argv[0]);
++ (void)strlcpy(realdir, argv[0], sizeof(realdir));
+ else
+- (void)sprintf(realdir, "%s/%s", cwd, argv[0]);
++ (void)snprintf(realdir, sizeof(realdir), "%s/%s", cwd, argv[0]);
+ for(;;)
+ {
+ if((c = strrchr(realdir, '/')) == NULL)
+@@ -203,7 +203,7 @@
+ exit(-1);
+ }
+ c++;
+- (void)strcpy(execname, c);
++ (void)strlcpy(execname, c, sizeof(execname));
+ *c = '\0';
+
+ if(chdir(realdir) < 0) /* Oops. Failed. Report and quit. */
+@@ -212,7 +212,7 @@
+ exit(-1);
+ }
+
+- if(getwd(realdir) == NULL)
++ if(getcwd(realdir, sizeof(realdir)) == NULL)
+ {
+ (void)fprintf(stderr, "Get Working Directory Error: %s\n", cwd);
+ exit(-1);
+@@ -238,11 +238,11 @@
+ }
+ execpath[len] = '\0';
+ if(execpath[0] == '/')
+- (void)strcpy(realdir, execpath);
++ (void)strlcpy(realdir, execpath, sizeof(realdir));
+ else
+ {
+- (void)strcat(realdir, "/");
+- (void)strcat(realdir, execpath);
++ (void)strlcat(realdir, "/", sizeof(realdir));
++ (void)strlcat(realdir, execpath, sizeof(realdir));
+ }
+ continue;
+ }
+@@ -291,8 +291,8 @@
+ #else
+ if(setreuid(getuid(), getuid()) < 0) { perror("setreuid"); exit(-1); }
+ #endif
+- (void)sprintf(tcxtarg, "%s/%s", realdir, execname);
+- (void)sprintf(untcxtmp, "%s/.untcx.%s", realdir, execname);
++ (void)snprintf(tcxtarg, sizeof(tcxtarg), "%s/%s", realdir, execname);
++ (void)snprintf(untcxtmp, sizeof(untcxtmp), "%s/.untcx.%s", realdir, execname);
+ just_untcx(tcxtarg, untcxtmp);
+ exit(0);
+ }
+@@ -302,8 +302,8 @@
+
+ if(local)
+ {
+- (void)sprintf(tcxtarg, "%s/%s", realdir, execname);
+- (void)sprintf(untcxtmp, "%s/.untcx.%s", realdir, execname);
++ (void)snprintf(tcxtarg, sizeof(tcxtarg), "%s/%s", realdir, execname);
++ (void)snprintf(untcxtmp, sizeof(untcxtmp), "%s/.untcx.%s", realdir, execname);
+ untcx_and_exec_local(tcxtarg, untcxtmp, &(argv[1]));
+ }
+ #endif
+@@ -315,7 +315,7 @@
+ for(c = realdir; *c ; c++)
+ if(*c == '/')
+ *c = '=';
+- (void)sprintf(tcxtarg, "%s/%s", ENFSDIR, realdir);
++ (void)snprintf(tcxtarg, sizeof(tcxtarg), "%s/%s", ENFSDIR, realdir);
+ if(mkdir(tcxtarg, 0777) < 0)
+ if(errno != EEXIST)
+ {
+@@ -323,9 +323,9 @@
+ exit(-1);
+ }
+ (void)chmod(tcxtarg, 0777);
+- (void)strcat(tcxtarg,"/");
+- (void)strcat(tcxtarg, execname);
+- (void)sprintf(untcxtmp, "%s/%s/.untcx.%s", ENFSDIR, realdir, execname);
++ (void)strlcat(tcxtarg,"/", sizeof(tcxtarg));
++ (void)strlcat(tcxtarg, execname, sizeof(tcxtarg));
++ (void)snprintf(untcxtmp, sizeof(untcxtmp), "%s/%s/.untcx.%s", ENFSDIR, realdir, execname);
+
+ untcx_and_exec_nfs(argv[0], untcxtmp, tcxtarg, &(argv[1]));
+
+@@ -415,7 +415,7 @@
+
+ /* Write our process id to the lock file. Don't really care if fails. */
+
+- (void)sprintf(spid, "%d\n", getpid());
++ (void)snprintf(spid, sizeof(spid), "%d\n", getpid());
+ (void)write(lkfd, spid, strlen(spid));
+
+ #ifdef UNPACK_IN_PLACE
+@@ -810,30 +810,30 @@
+
+ /* resolve first stage of argv[0] */
+
+- if(getwd(cwd) == NULL) { (void)fprintf(stderr, "Get Working Directory Error: %s\n", cwd); exit(-1); }
++ if(getcwd(cwd, sizeof(cwd)) == NULL) { (void)fprintf(stderr, "Get Working Directory Error: %s\n", cwd); exit(-1); }
+
+- if(*argv[0] == '/') (void)strcpy(realdir, argv[0]); else (void)sprintf(realdir, "%s/%s", cwd, argv[0]);
++ if(*argv[0] == '/') (void)strlcpy(realdir, argv[0], sizeof(realdir)); else (void)snprintf(realdir, sizeof(realdir), "%s/%s", cwd, argv[0]);
+
+ if((c = strrchr(realdir, '/')) == NULL) { (void)fprintf(stderr, "Help! Internal corruption of variables!\n"); exit(-1); }
+
+- c++; (void)strcpy(execname, c); *c = '\0';
++ c++; (void)strlcpy(execname, c, sizeof(execname)); *c = '\0';
+
+ if(chdir(realdir) < 0) { perror(realdir); exit(-1); }
+
+- if(getwd(realdir) == NULL) { (void)fprintf(stderr, "Get Working Directory Error: %s\n", cwd); exit(-1); }
++ if(getcwd(realdir, sizeof(realdir)) == NULL) { (void)fprintf(stderr, "Get Working Directory Error: %s\n", cwd); exit(-1); }
+
+ for(c = realdir; *c; c++)
+ if(*c == '/')
+ *c = '=';
+- (void)sprintf(linkpath, "%s/%s", ENFSDIR, realdir);
++ (void)snprintf(linkpath, sizeof(linkpath), "%s/%s", ENFSDIR, realdir);
+ if(mkdir(linkpath, 0777) < 0)
+ {
+ if(errno != EEXIST) { perror(linkpath); exit(-1); }
+ }
+ else
+ (void)chmod(linkpath, 0777);
+- (void)strcat(linkpath,"/");
+- (void)strcat(linkpath, execname);
++ (void)strlcat(linkpath,"/", sizeof(linkpath));
++ (void)strlcat(linkpath, execname, sizeof(linkpath));
+
+ if(chdir(cwd) < 0) { perror(cwd); exit(-1); }
+
+@@ -1244,7 +1244,7 @@
+ if((curr = (path *)malloc(sizeof(path))) == NULL)
+ continue;
+
+- (void)strcpy(curr->path, newpath);
++ (void)strlcpy(curr->path, newpath, sizeof(curr->path));
+ #ifdef UNPACK_IN_PLACE
+ curr->pid = -1;
+ (strstr(newpath, ENFSDIR) == newpath) ? (curr->local = 0) : (curr->local = 1);
diff --git a/sysutils/tcx/patches/patch-ad b/sysutils/tcx/patches/patch-ad
new file mode 100644
index 00000000000..489002cfcd5
--- /dev/null
+++ b/sysutils/tcx/patches/patch-ad
@@ -0,0 +1,36 @@
+$NetBSD: patch-ad,v 1.1.1.1 2003/06/23 13:55:24 agc Exp $
+
+Minor security audit
+
+--- tcx.c 2003/06/20 10:44:29 1.1
++++ tcx.c 2003/06/20 10:45:54
+@@ -120,16 +120,16 @@
+ /* If cannot, warn user and quit */
+
+ if(strrchr(argv[1], '/') == NULL)
+- (void)sprintf(tofile, ".tcx.%s", argv[1]);
++ (void)snprintf(tofile, sizeof(tofile), ".tcx.%s", argv[1]);
+ else
+ {
+- (void)strcpy(tofile, argv[1]);
++ (void)strlcpy(tofile, argv[1], sizeof(tofile));
+ s = strrchr(tofile, '/');
+ *s = '\0';
+- (void)strcat(tofile, "/.tcx.");
++ (void)strlcat(tofile, "/.tcx.", sizeof(tofile));
+ s = strrchr(argv[1], '/');
+ s++;
+- (void)strcat(tofile, s);
++ (void)strlcat(tofile, s, sizeof(tofile));
+ }
+
+ lck.l_type = F_WRLCK; lck.l_whence = 0; lck.l_start = 0; lck.l_len = 0;
+@@ -213,7 +213,7 @@
+
+ /* Spit out header and start encoding executable */
+
+- (void)sprintf(header, "#!%s\n", PATHUNTCX);
++ (void)snprintf(header, sizeof(header), "#!%s\n", PATHUNTCX);
+ if(write(outfd, header, strlen(header)) < 0) { (void)perror("write"); exit(-1); }
+
+ c = 0; if((write(outfd, &c, 1)) < 0) { (void)perror("write"); exit(-1); } |
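Review bot: Every `snprintf`, `strlcpy` and `strlcat` added to untcx.c is cast to `(void)`, so an over-long path is now silently truncated and the setuid-root code carries on with the shortened `realdir`, `tcxtarg`, `untcxtmp` or `linkpath` in `chdir`, `mkdir(..., 0777)`, `chmod` and the unpack-and-exec helpers, acting on a path other than the one it was given. Truncation should be fatal, e.g. `if(strlcpy(realdir, argv[0], sizeof(realdir)) >= sizeof(realdir)) { (void)fprintf(stderr, "path too long\n"); exit(-1); }`, with the equivalent length check on each `snprintf` and `strlcat`; the same applies to the `tofile` and `header` writes in patch-ad. Separately, `getcwd` does not leave an error message in the buffer on failure the way `getwd` did, so the unchanged `fprintf(stderr, "Get Working Directory Error: %s\n", cwd)` lines now print an indeterminate buffer and should print `strerror(errno)` instead. `sizeof(curr->path)` and the other `sizeof` arguments are only right if those destinations are arrays rather than pointers, which the hunks do not show.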
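Review bot: In the `else` branch of the first tcx.c hunk, `strlcpy(tofile, argv[1], sizeof(tofile))` can truncate before the first `/` of `argv[1]`, and the next two lines, `s = strrchr(tofile, '/'); *s = '\0';`, then dereference NULL. The bounded copy therefore turns the old overflow into a crash rather than a clean error. Checking the copy handles both cases: `if(strlcpy(tofile, argv[1], sizeof(tofile)) >= sizeof(tofile)) { (void)fprintf(stderr, "%s: path too long\n", argv[1]); exit(-1); }`. The enclosing function starts and ends outside the hunk, so the declared size of `tofile` is not visible here.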