Date: Sat, 24 Jul 1999 00:55:55 -0400 (EDT)
From: Will Andrews <andrews@technologist.com>
To: FreeBSD-gnats-submit@freebsd.org
Subject: ports/12826: [PATCH] editors/joe port
Message-ID: <199907240455.AAA32871@shadow.blackdawn.com>
>Number: 12826
>Category: ports
>Synopsis: [PATCH] editors/joe port
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Mon Jul 26 18:00:01 PDT 1999
>Closed-Date:
>Last-Modified:
>Originator: Will Andrews
>Release: FreeBSD 3.2-STABLE i386
>Organization: none
>Environment:

FreeBSD shadow.blackdawn.com 3.2-STABLE FreeBSD 3.2-STABLE #0: Fri Jul 23 20:15:30 EDT 1999 root@shadow.blackdawn.com:/usr/src/sys/compile/SHADOW i386

>Description:

This report was sent to me by Trevor Johnson <trevor@jpj.net>:

joe creates a file, DEADJOE, when it is killed. Unfortunately, this file is by default world readable. When somebody is editing sensitive files, this program can reveal the contents, thus causing a security breach.

>How-To-Repeat:

Use joe to edit a file, then kill -HUP its process. The resulting DEADJOE will be world readable (and writable).

>Fix:

diff -urN joe/patches/patch-ad joe.new/patches/patch-ad --- joe/patches/patch-ad Wed Dec 31 19:00:00 1969 +++ joe.new/patches/patch-ad Fri Jul 23 03:53:40 1999 @@ -0,0 +1,18 @@ +--- b.c Fri Jan 20 03:38:25 1995 ++++ b.c.new Fri Jul 23 03:36:10 1999 +@@ -21,6 +21,7 @@ + #include <pwd.h> + #endif + #include <errno.h> ++#include <sys/types.h> + + #include "config.h" + #include "blocks.h" +@@ -1990,6 +1991,7 @@ + { + long tim=time(0); + B *b; ++ mode_t mask=umask(077); /* no access to DEADJOE for others */ + FILE *f=fopen("DEADJOE","a"); + fprintf(f,"\n*** Modified files in JOE when it aborted on %s",ctime(&tim)); + if(sig) fprintf(f,"*** JOE was aborted by signal %d\n",sig);

>Release-Note:
>Audit-Trail:
>Unformatted:
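Review bot: In the b.c hunk at @@ -1990,6 +1991,7 @@, umask(077) only takes effect when fopen("DEADJOE","a") creates the file; if a DEADJOE with looser permissions already exists in the working directory (for example one left by an earlier abort), append mode reuses it and its mode is unchanged, so the newly appended buffer contents are still readable by others. Suggest setting the mode explicitly on the opened file, for example fchmod(fileno(f), 0600) right after the fopen, rather than relying on the umask alone. The value saved in mask is not used in the lines shown; either restore it with umask(mask) after the fopen or drop the variable. The context lines also call fprintf(f, ...) without checking f for NULL, which is worth guarding while this code is being touched.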
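Review bot: In the b.c hunk at @@ -21,6 +21,7 @@, the added <sys/types.h> supplies mode_t, but umask() itself is declared in <sys/stat.h>, which is not among the includes visible in this hunk. Please confirm b.c already includes <sys/stat.h>, or add it next to the new include so the umask() call in the second hunk has a prototype.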