Date: Mon, 18 Sep 2006 16:15:05 +0900 (JST)
From: Yoshisato YANAGISAWA <yanagisawa@csg.is.titech.ac.jp>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/103346: maintainer update: mail/dkimproxy to fix problems.
Message-ID: <200609180715.k8I7F5sY002366@frodo.csg.is.titech.ac.jp>
Resent-Message-ID: <200609180720.k8I7KR3t019452@freefall.freebsd.org>
>Number: 103346 >Category: ports >Synopsis: maintainer update: mail/dkimproxy to fix problems. >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Mon Sep 18 07:20:26 GMT 2006 >Closed-Date: >Last-Modified: >Originator: Yoshisato YANAGISAWA >Release: FreeBSD 6.1-RELEASE-p5 i386 >Organization: Tokyo Institute of Technology. >Environment: System: FreeBSD frodo.csg.is.titech.ac.jp 6.1-RELEASE-p5 FreeBSD 6.1-RELEASE-p5 #91: Wed Aug 30 18:11:53 JST 2006 yanagisawa@frodo.csg.is.titech.ac.jp:/usr/obj/usr/src/sys/FRODO i386 >Description: Since mail/dkfilter and mail/dkimproxy are using similar rc.d scripts, a problem in one is potentially a problem in another. + Potential race condition is found. + A potential DoS attack by dkimproxy user is found. (See also: PR: ports/103344) >How-To-Repeat: n/a >Fix: For ease of taking care of the two ports, a variable name in a rc.d script is changed. Apply following patch: diff -ruN dkimproxy.bak/Makefile dkimproxy/Makefile --- dkimproxy.bak/Makefile Mon Sep 18 14:47:18 2006 +++ dkimproxy/Makefile Mon Sep 18 14:58:25 2006 @@ -7,6 +7,7 @@ PORTNAME= dkimproxy PORTVERSION= 0.13 +PORTREVISION= 2 CATEGORIES= mail MASTER_SITES= http://jason.long.name/dkimproxy/ diff -ruN dkimproxy.bak/files/dkimproxy_in.in dkimproxy/files/dkimproxy_in.in --- dkimproxy.bak/files/dkimproxy_in.in Mon Sep 18 14:47:18 2006 +++ dkimproxy/files/dkimproxy_in.in Mon Sep 18 15:20:33 2006 
@@ -42,19 +42,30 @@ logger -t ${name} "Starting ${name}" touch ${dkimproxy_in_pidfile} chown ${dkimproxy_in_user} ${dkimproxy_in_pidfile} - logfile=`mktemp /tmp/${name}.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX` + tmpfile=`mktemp /tmp/${name}.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX` su -m ${dkimproxy_in_user} -c "daemon -c -p ${dkimproxy_in_pidfile} \ %%PREFIX%%/bin/dkimproxy.in ${dkimproxy_in_flags}" \ - > /dev/null 2> ${logfile} - sleep 1 # XXX: wait until dkimproxy start. - logger -t ${name} "`cat ${logfile}`" - err=`grep Error ${logfile}` + > /dev/null 2> ${tmpfile} + # wait until dkimproxy start. + while true + do + filesize=`ls -l ${tmpfile}|awk '{print $5}'` + if [ ${filesize} -gt 0 ]; then + break + fi + done + + logger -t ${name} "`cat ${tmpfile}`" + err=`grep Error ${tmpfile}` if [ "${err}" ]; then echo "Failed to start ${name}." echo "${err}" rm -f ${dkimproxy_in_pidfile} + else + # To prevent DoS attack by dkimproxy_in_user. + chown root:wheel ${dkimproxy_in_pidfile} fi - rm -f ${logfile} + rm -f ${tmpfile} } dkimproxy_in_stop() diff -ruN dkimproxy.bak/files/dkimproxy_out.in dkimproxy/files/dkimproxy_out.in --- dkimproxy.bak/files/dkimproxy_out.in Mon Sep 18 14:47:18 2006 +++ dkimproxy/files/dkimproxy_out.in Mon Sep 18 15:20:18 2006 
@@ -47,19 +47,30 @@ logger -t ${name} "Starting ${name}" touch ${dkimproxy_out_pidfile} chown ${dkimproxy_out_user} ${dkimproxy_out_pidfile} - logfile=`mktemp /tmp/${name}.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX` + tmpfile=`mktemp /tmp/${name}.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX` su -m ${dkimproxy_out_user} -c "daemon -c -p ${dkimproxy_out_pidfile} \ %%PREFIX%%/bin/dkimproxy.out ${dkimproxy_out_flags}" \ - > /dev/null 2> ${logfile} - sleep 1 # XXX: wait until dkimproxy start. - logger -t ${name} "`cat ${logfile}`" - err=`grep Error ${logfile}` + > /dev/null 2> ${tmpfile} + # wait until dkimproxy start. + while true + do + filesize=`ls -l ${tmpfile}|awk '{print $5}'` + if [ ${filesize} -gt 0 ]; then + break + fi + done + + logger -t ${name} "`cat ${tmpfile}`" + err=`grep Error ${tmpfile}` if [ "${err}" ]; then echo "Failed to start ${name}." echo "${err}" rm -f ${dkimproxy_out_pidfile} + else + # To prevent DoS attack by dkimproxy_out_user. + chown root:wheel ${dkimproxy_out_pidfile} fi - rm -f ${logfile} + rm -f ${tmpfile} } dkimproxy_out_stop() >Release-Note: >Audit-Trail: >Unformatted:
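Review bot: In the dkimproxy_in.in hunk, the `while true` loop that replaces `sleep 1` has no delay and no upper bound, so if dkimproxy.in ever writes nothing to stderr, `${tmpfile}` stays empty and the rc script never returns, forking `ls` and `awk` on every pass while startup hangs. A bounded retry with a short sleep between checks would keep the fix for the original race without trading it for a possible hang, and `[ -s ${tmpfile} ]` tests for a non-empty file without parsing `ls -l` output. The loop also breaks on the first byte written, so `grep Error ${tmpfile}` can run before the whole message has arrived.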
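Review bot: In the dkimproxy_out.in hunk, `chown root:wheel ${dkimproxy_out_pidfile}` sits on the `else` branch after the wait loop, so the pidfile stays owned by `${dkimproxy_out_user}` for as long as the loop runs, and ownership is never taken back if the loop does not exit. Since the comment says the chown is what prevents the DoS by that user, it would be safer to restore root ownership as soon as the pidfile has been written rather than after the stderr check. The wait loop and error handling are now duplicated line for line in dkimproxy_in.in and dkimproxy_out.in (and, per the description, in mail/dkfilter), so a fix to one has to be repeated by hand in the others; a short comment in each script pointing at its siblings would help.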