summaryrefslogtreecommitdiffstats
path: root/contrib/cvs
diff options
context:
space:
mode:
authornectar <nectar@FreeBSD.org>2004-01-21 16:27:56 +0000
committernectar <nectar@FreeBSD.org>2004-01-21 16:27:56 +0000
commit0de1aa939e0bb1831fe5ba20e2afa2fe6d7426ab (patch)
tree9496e7d6854aead54712d74c18df16c4466822de /contrib/cvs
parent9d868620cc449f8280913c8370568d5b512c779b (diff)
downloadFreeBSD-src-0de1aa939e0bb1831fe5ba20e2afa2fe6d7426ab.zip
FreeBSD-src-0de1aa939e0bb1831fe5ba20e2afa2fe6d7426ab.tar.gz
Incorporate two security fixes from later versions of CVS.
From the NEWS file of cvs 1.11.11: * pserver can no longer be configured to run as root via the $CVSROOT/CVSROOT/passwd file, so if your passwd file is compromised, it no longer leads directly to a root hack. Attempts to root will also be logged via the syslog. * Malformed module requests could cause the CVS server to attempt to create directories and possibly files at the root of the filesystem holding the CVS repository. Filesystem permissions usually prevent the creation of these misplaced directories, but nevertheless, the CVS server now rejects the malformed requests. Obtained from: ccvs.cvshome.org
Diffstat (limited to 'contrib/cvs')
-rw-r--r--contrib/cvs/src/modules.c11
-rw-r--r--contrib/cvs/src/server.c23
2 files changed, 30 insertions, 4 deletions
diff --git a/contrib/cvs/src/modules.c b/contrib/cvs/src/modules.c
index b161e94..b2ded8d 100644
--- a/contrib/cvs/src/modules.c
+++ b/contrib/cvs/src/modules.c
@@ -159,6 +159,17 @@ do_module (db, mname, m_type, msg, callback_proc, where, shorten,
}
#endif
+ /* Don't process absolute directories. Anything else could be a security
+ * problem. Before this check was put in place:
+ *
+ * $ cvs -d:fork:/cvsroot co /foo
+ * cvs server: warning: cannot make directory CVS in /: Permission denied
+ * cvs [server aborted]: cannot make directory /foo: Permission denied
+ * $
+ */
+ if (isabsolute (mname))
+ error (1, 0, "Absolute module reference invalid: `%s'", mname);
+
/* if this is a directory to ignore, add it to that list */
if (mname[0] == '!' && mname[1] != '\0')
{
diff --git a/contrib/cvs/src/server.c b/contrib/cvs/src/server.c
index 04d912c..afd88b8 100644
--- a/contrib/cvs/src/server.c
+++ b/contrib/cvs/src/server.c
@@ -5230,10 +5230,11 @@ error ENOMEM Virtual memory exhausted.\n");
#if defined (HAVE_KERBEROS) || defined (AUTH_SERVER_SUPPORT) || defined (HAVE_GSSAPI)
-static void switch_to_user PROTO((const char *));
+static void switch_to_user PROTO((const char *, const char *));
static void
-switch_to_user (username)
+switch_to_user (cvs_username, username)
+ const char *cvs_username; /* Only used for error messages. */
const char *username;
{
struct passwd *pw;
@@ -5250,6 +5251,20 @@ error 0 %s: no such user\n", username);
error_exit ();
}
+ if (pw->pw_uid == 0)
+ {
+#ifdef HAVE_SYSLOG_H
+ /* FIXME: Can the IP address of the connecting client be retrieved
+ * and printed here?
+ */
+ syslog (LOG_DAEMON | LOG_ALERT,
+ "attempt to root from account: %s", cvs_username
+ );
+#endif
+ printf("error 0: root not allowed\n");
+ error_exit ();
+ }
+
#if HAVE_INITGROUPS
if (initgroups (pw->pw_name, pw->pw_gid) < 0
# ifdef EPERM
@@ -5824,7 +5839,7 @@ pserver_authenticate_connection ()
strcpy (Pserver_Repos, repository);
/* Switch to run as this user. */
- switch_to_user (host_user);
+ switch_to_user (username, host_user);
free (host_user);
free (tmp);
free (repository);
@@ -6017,7 +6032,7 @@ gserver_authenticate_connection ()
error (1, errno, "fwrite failed");
}
- switch_to_user (buf);
+ switch_to_user ("GSSAPI", buf);
printf ("I LOVE YOU\n");
fflush (stdout);
OpenPOWER on IntegriCloud