From owner-freebsd-ports Mon Jul 26 18: 0:13 1999
Delivered-To: freebsd-ports@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 28F911518F for ; Mon, 26 Jul 1999 18:00:00 -0700 (PDT) (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id SAA49765; Mon, 26 Jul 1999 18:00:01 -0700 (PDT) (envelope-from gnats@FreeBSD.org)
Received: from neptune.psn.net (neptune.psn.net [207.211.58.16]) by hub.freebsd.org (Postfix) with ESMTP id 20ECB14F6F for ; Mon, 26 Jul 1999 17:58:04 -0700 (PDT) (envelope-from will@shadow.blackdawn.com)
Received: from 5042-243.008.popsite.net ([209.224.140.243] helo=shadow.blackdawn.com) by neptune.psn.net with esmtp (PSN Internet Service 2.12 #3) for FreeBSD-gnats-submit@freebsd.org id 117tqo-0006BB-00; Fri, 23 Jul 1999 21:55:58 -0700
Received: (from will@localhost) by shadow.blackdawn.com (8.9.3/8.9.2) id AAA32871; Sat, 24 Jul 1999 00:55:55 -0400 (EDT) (envelope-from will)
Message-Id: <199907240455.AAA32871@shadow.blackdawn.com>
Date: Sat, 24 Jul 1999 00:55:55 -0400 (EDT)
From: Will Andrews
Reply-To: Will Andrews
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: ports/12826: [PATCH] editors/joe port
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 12826
>Category: ports
>Synopsis: [PATCH] editors/joe port
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Mon Jul 26 18:00:01 PDT 1999
>Closed-Date:
>Last-Modified:
>Originator: Will Andrews
>Release: FreeBSD 3.2-STABLE i386
>Organization: none
>Environment:
FreeBSD shadow.blackdawn.com 3.2-STABLE FreeBSD 3.2-STABLE #0: Fri Jul 23 20:15:30 EDT 1999 root@shadow.blackdawn.com:/usr/src/sys/compile/SHADOW i386
>Description:
This report was sent to me by Trevor Johnson:

joe creates a file, DEADJOE, when it is killed. Unfortunately, this file is by default world readable. When somebody is editing sensitive files, this program can reveal the contents, thus causing a security breach.
>How-To-Repeat:
Use joe to edit a file, then kill -HUP its process. The resulting DEADJOE will be world readable (and writable).
>Fix:
diff -urN joe/patches/patch-ad joe.new/patches/patch-ad --- joe/patches/patch-ad Wed Dec 31 19:00:00 1969 +++ joe.new/patches/patch-ad Fri Jul 23 03:53:40 1999 
@@ -0,0 +1,18 @@ +--- b.c Fri Jan 20 03:38:25 1995 ++++ b.c.new Fri Jul 23 03:36:10 1999 +@@ -21,6 +21,7 @@ + #include + #endif + #include ++#include + + #include "config.h" + #include "blocks.h" +@@ -1990,6 +1991,7 @@ + { + long tim=time(0); + B *b; ++ mode_t mask=umask(077); /* no access to DEADJOE for others */ + FILE *f=fopen("DEADJOE","a"); + fprintf(f,"\n*** Modified files in JOE when it aborted on %s",ctime(&tim)); + if(sig) fprintf(f,"*** JOE was aborted by signal %d\n",sig); >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
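
Review bot: In the b.c hunk at line 1990, umask(077) only affects the mode of a file that fopen("DEADJOE","a") creates. A DEADJOE left world readable by an earlier abort is opened for append with its old permissions, so the newly dumped buffers go into a file other users can still read. Consider opening with open() using O_CREAT|O_APPEND and mode 0600, calling fchmod() on the descriptor, and wrapping it with fdopen(), which covers both the new and the pre-existing file. Two smaller points from the same lines: the old mask is saved in `mask`, but nothing visible in the hunk restores it, and the result of fopen() is passed straight to fprintf() without a NULL check, so a failed open in an unwritable directory would crash the abort handler.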
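
The case in the report, a crash-recovery file that must end up readable only by its owner, shown as an added example (not code from joe or from the submitted patch). The names `open_private_append` and `file_mode` and the demo file name are hypothetical. Unlike a `umask()` change alone, it also tightens a file left behind by an earlier abort.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission bits of path, or -1 if it cannot be examined. */
int file_mode(const char *path)
{
    struct stat st;
    return lstat(path, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}

/* Open a recovery file for appending with owner-only access (hypothetical
 * helper). Returns NULL rather than writing to anything unexpected. */
FILE *open_private_append(const char *path)
{
    struct stat st;
    FILE *f;
    /* 0600 covers a newly created file; O_NOFOLLOW refuses a symlink. */
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0)
        return NULL;
    /* An existing file keeps its old mode on open, so tighten it here. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || fchmod(fd, 0600) != 0) {
        close(fd);
        return NULL;
    }
    f = fdopen(fd, "a");
    if (f == NULL)
        close(fd);
    return f;
}

int main(void)
{
    /* Constructed demo: a stale, world-writable file from an earlier abort. */
    const char *path = "DEADJOE.demo";
    FILE *f;
    umask(0);
    close(open(path, O_WRONLY | O_CREAT, 0666));
    printf("before: %o\n", file_mode(path));
    f = open_private_append(path);
    if (f) { fprintf(f, "*** recovered buffer\n"); fclose(f); }
    printf("after:  %o\n", file_mode(path));
    return unlink(path);
}
```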