From owner-freebsd-ports Thu Nov 14 10:34:21 2002
Delivered-To: freebsd-ports@freebsd.org
Message-ID: <039801c28c0d$07d52d70$24029dd9@tuborg>
From: =?iso-8859-1?Q?Knud_Erik_H=F8jgaard?=
To: ,
Subject: security problem in /usr/ports/comms/efax
Date: Thu, 14 Nov 2002 19:38:29 +0100
Sender: owner-freebsd-ports@FreeBSD.ORG

===> SECURITY NOTE: This port has installed the following binaries which execute with increased privileges.
326461 192 -rwsr-xr-x 1 uucp dialer 97432 Nov 14 19:13 /usr/local/bin/efax

$ gdb -q /usr/local/bin/efax
(no debugging symbols found)...(gdb) r -x `perl -e 'print "A" x 1056'`
Starting program: /usr/local/bin/efax -x `perl -e 'print "A" x 1056'`
/usr/local/bin/efax: Thu Nov 14 19:29:32 2002 efax v 0.9a-001114 Copyright 1999 Ed Casas
/usr/local/bin/efax: Thu Nov 14 19:29:32 2002 efax v 0.9a-001114 Copyright 1999 Ed Casas
efax: 29:32 compiled Nov 14 2002 19:26:43
efax: 29:32 Error: can't open pre-lock file [A lot of A's here]: File name too long
(no debugging symbols found)...(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
0x41414141 in ?? ()
(gdb)

the following diff (gently provided by the author of efax) fixes it:

*** efaxos.c~ Mon Mar 1 22:18:30 1999 --- efaxos.c Mon Sep 30 18:53:13 2002 *************** *** 409,414 **** --- 409,420 ---- err = ttlocked ( fname, log ) ; + if ( strlen ( fname ) + 11 > EFAX_PATH_MAX ) { + err = msg ( "E2lock file path too long (must be <= %d characters)", + EFAX_PATH_MAX - 11 ); + } + + if ( ! err ) { dirlen = ( p = strrchr( fname , '/' ) ) ? p-fname+1 : strlen ( fname ) ; sprintf ( buf , "%.*sTMP..%05d" , dirlen , fname , (int) pid ) ;

I forgot to notify you when I received the reply from the author, sorry.

--
Knud Erik Højgaard
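
Review bot: the sprintf into buf in the last context line stays unbounded after this change, and the new guard's constant 11 only covers "TMP..%05d" plus the terminator when the pid prints in five digits; %05d is a minimum width, so a wider pid writes more than the guard allows for. Formatting with snprintf bounded by the size of buf, and treating truncation as the error, would remove the dependence on the magic number and on buf being EFAX_PATH_MAX bytes, which these lines do not show. The guard also sits after ttlocked ( fname, log ) and assigns err unconditionally, so the overlong name has already been passed to ttlocked and whatever error it returned is overwritten; moving the length test above that call would avoid both.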