ports/60516: Maintainer update: security/op (security fix)
Cyrille Lefevre
cyrille.lefevre at laposte.net
Mon Dec 22 23:00:42 UTC 2003
>Number: 60516
>Category: ports
>Synopsis: Maintainer update: security/op (security fix)
>Confidential: no
>Severity: non-critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Mon Dec 22 15:00:38 PST 2003
>Closed-Date:
>Last-Modified:
>Originator: Cyrille Lefevre
>Release: FreeBSD 5.2-BETA i386
>Organization:
ACME
>Environment:
System: FreeBSD gits 5.2-BETA FreeBSD 5.2-BETA #0: Fri Dec 5 17:03:48 CET 2003 root at gits:/disk3/freebsd/current/obj/disk3/freebsd/current/src/sys/CUSTOM i386
>Description:
Makefile
PORTREVISION bumped
MAINTAINERship given to "Steve Simmons <scs at umich.edu>" as
he asks me to implement Kerberos authentication in op.
files/patch-main.c
setgid added in addition to setgroups.
also, numeric group-ids are now allowed.
>How-To-Repeat:
n/a
>Fix:
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/security/op/Makefile,v
retrieving revision 1.12
diff -u -I$Id.*$ -I$.+BSD.*$ -r1.12 Makefile
--- Makefile 15 Oct 2003 13:03:15 -0000 1.12
+++ Makefile 22 Dec 2003 22:52:23 -0000
@@ -7,7 +7,7 @@
PORTNAME= op
PORTVERSION= 1.11
-PORTREVISION= 2
+PORTREVISION= 3
CATEGORIES= security
MASTER_SITES= ftp://ftp.cerias.purdue.edu/pub/tools/%SUBDIR%/ \
ftp://ftp.rge.com/pub/security/cerias/tools/%SUBDIR%/ \
@@ -15,7 +15,7 @@
ftp://ftp.nask.pl/pub/mirror/coast.cs.purdue.edu/%SUBDIR%/
MASTER_SITE_SUBDIR= unix/sysutils/${PORTNAME}
-MAINTAINER= cyrille.lefevre at laposte.net
+MAINTAINER= Steve Simmons <scs at umich.edu>
COMMENT= Allow others to run commands as root (like sudo but different)
# Global variables
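Review bot: The new value `MAINTAINER= Steve Simmons <scs at umich.edu>` puts a real name and angle brackets into the variable, whereas the ports convention is a single bare e-mail address with no comment part, which is what the removed line had. Suggest keeping only the address (`scs at umich.edu` in this archive's obfuscated form) and leaving the name to the commit log.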
Index: files/patch-main.c
===================================================================
RCS file: /home/ncvs/ports/security/op/files/patch-main.c,v
retrieving revision 1.2
diff -u -I$Id.*$ -I$.+BSD.*$ -r1.2 patch-main.c
--- files/patch-main.c 15 Oct 2003 13:03:16 -0000 1.2
+++ files/patch-main.c 22 Dec 2003 22:33:49 -0000
@@ -1,5 +1,5 @@
---- main.c.orig Wed Oct 15 05:58:41 2003
-+++ main.c Wed Oct 15 06:02:22 2003
+--- main.c.orig Mon Dec 22 23:26:47 2003
++++ main.c Mon Dec 22 23:27:23 2003
@@ -9,7 +9,7 @@
/* +-------------------------------------------------------------------+ */
@@ -9,7 +9,15 @@
#include <syslog.h>
#include <pwd.h>
#include <grp.h>
-@@ -170,14 +170,11 @@
+@@ -51,6 +51,7 @@
+ extern char *getpass(), *crypt();
+
+ char *Progname;
++int fatal(char *s, ...);
+ char *format_cmd();
+ char *GetCode();
+ cmd_t *Find();
+@@ -170,14 +171,11 @@
return Go(new, num, argc, argv);
}
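Review bot: The added prototype `int fatal(char *s, ...);` gives the compiler no way to check the variadic arguments against the format string. Declaring it with the printf format attribute (on FreeBSD, `__printflike(1, 2)` from <sys/cdefs.h>) would turn a mismatched conversion in any fatal() call into a build-time warning. That is worth having in a program whose error paths sit around setgid/setuid calls.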
@@ -26,7 +34,7 @@
vfprintf(stderr, s, ap);
fputc('\n', stderr);
va_end(ap);
-@@ -448,29 +445,17 @@
+@@ -448,35 +446,28 @@
char *cp, *np;
struct passwd *pw;
struct group *gr;
@@ -50,15 +58,29 @@
- }
-
if ((cp = FindOpt(cmd, "gid")) == NULL) {
- ; /* don't have a default */
+- ; /* don't have a default */
++ if (setgid(0) < 0)
++ fatal("Unable to set gid to default", cp);
} else {
for (cp=GetField(cp, str); cp!=NULL; cp=GetField(cp, str)) {
- if ((gr = getgrnam(cp)) != NULL)
+ if ((gr = getgrnam(str)) != NULL)
gidset[ngroups++] = gr->gr_gid;
++ else
++ gidset[ngroups++] = atoi(str);
}
if (ngroups == 0)
-@@ -533,6 +518,18 @@
+- fatal("Unable to setgid to any group");
++ fatal("Unable to set gid to any group");
+ if (setgroups(ngroups, gidset) < 0)
+- fatal("Set group failed");
++ fatal("Unable to set auxiliary groups");
++ if (setgid(gidset[0]) < 0)
++ fatal("Unable to set gid to %s", gidset[0]);
+ }
+
+ if ((cp = FindOpt(cmd, "umask")) == NULL) {
+@@ -533,6 +524,17 @@
new_envp[curenv++] = environ[i];
}
new_envp[curenv] = NULL;
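Review bot: The new `else` branch `gidset[ngroups++] = atoi(str);` turns any field that getgrnam() does not know and that is not a number into gid 0, because atoi() returns 0 on unparsable input and reports no error. A misspelled group name in the gid list therefore silently becomes group 0. Since every field now increments ngroups, the `ngroups == 0` check only fires for an empty list. Suggest parsing with strtol(), requiring that the whole string was consumed and is non-empty, and calling fatal() otherwise. Two format problems in the same hunk: `fatal("Unable to set gid to %s", gidset[0]);` passes an integer group id to a `%s` conversion, which is undefined behaviour on the failure path (use an integer conversion with a matching cast), and `fatal("Unable to set gid to default", cp);` passes an argument the format never uses, with cp being NULL in that branch.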
@@ -70,8 +92,7 @@
+ if ((pw = getpwnam(cp)) == NULL) {
+ if (setuid(atoi(cp)) < 0)
+ fatal("Unable to set uid to %s", cp);
-+ }
-+ if (setuid(pw->pw_uid) < 0)
++ } else if (setuid(pw->pw_uid) < 0)
+ fatal("Unable to set uid to %s", cp);
+ }
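Review bot: In the `getpwnam(cp) == NULL` branch, `setuid(atoi(cp))` treats every unknown name as a number, and atoi() returns 0 for a string that does not start with digits, so a value naming an account that does not exist ends in setuid(0) instead of an error. Suggest strtol() with an end-pointer check (non-empty, fully consumed, in range) and fatal() when it fails. The `} else if (setuid(pw->pw_uid) < 0)` change is right to stop `pw->pw_uid` being dereferenced when pw is NULL.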
>Release-Note:
>Audit-Trail:
>Unformatted: