[Evolvis-commits] r338: Adding this script to the repository. ↵ ↵ Concept is simple : using system permissions on directories is not↵ enough , since it gives write access on plenty of directories to the↵ www-data user . ↵ ↵ Using a root setuid script works , but then we have to make sure only↵ authorised invocations can happen . Again, the permissions system is↵ not enough . Only pages in the Sourceforge website should be allowed↵ to run it . ↵ ↵ The trick : we check on the existence and validity of information only↵ available to the appropriate PHP scripts . Namely, the database↵ password . It 's stored in a root:root 600 file, it' s only exported to↵ a select subset of the web pages via a SetEnv directive , so it should↵ be secure . ↵ ↵ Of course , I could be wrong. In that case, please correct me. ↵ ↵ This is a Perl script using all kinds of taintedness checks as per↵ 'perldoc perlsec'. ↵

mirabilos at evolvis.org mirabilos at evolvis.org
Thu Feb 25 14:17:38 CET 2010


Author: mirabilos
Date: 2010-02-25 13:17:38 +0000 (Thu, 25 Feb 2010)
New Revision: 338

Added:
   trunk/gforge_base/evolvisforge/gforge/deb-specific/fileforge.pl
Modified:
   trunk/gforge_base/evolvisforge/
Log:
Adding this script to the repository.

Concept is simple: using system permissions on directories is not
enough, since it gives write access on plenty of directories to the
www-data user.

Using a root setuid script works, but then we have to make sure only
authorised invocations can happen.  Again, the permissions system is
not enough.  Only pages in the Sourceforge website should be allowed
to run it.

The trick: we check on the existence and validity of information only
available to the appropriate PHP scripts.  Namely, the database
password.  It's stored in a root:root 600 file, it's only exported to
a select subset of the web pages via a SetEnv directive, so it should
be secure.

Of course, I could be wrong.  In that case, please correct me.

This is a Perl script using all kinds of taintedness checks as per
'perldoc perlsec'.



Property changes on: trunk/gforge_base/evolvisforge
___________________________________________________________________
Name: bzr:revision-info
   - timestamp: 2001-10-20 16:44:49.000000000 +0000
committer: lo-lan-do

   + timestamp: 2001-10-21 14:42:57.000000000 +0000
committer: lo-lan-do

Name: bzr:file-ids
   - gforge/debian/changelog	7 at 9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk%2Fgforge%2Fdebian%2Fchangelog

   + gforge/deb-specific/fileforge.pl	109 at 9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk%2Fgforge%2Fdeb-specific%2Ffileforge.pl

Name: bzr:revision-id:v4
   - 1 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:1
2 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:2
3 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:7
4 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:9
5 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:10
6 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:11
7 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:12
8 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:13
9 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:14
10 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:15
11 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:16
12 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:17
13 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:18
14 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:19
15 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:20
16 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:21
17 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:22
18 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:23
19 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:24
20 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:25
21 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:26
22 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:27
23 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:28
24 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:29
25 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:30
26 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:31
27 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:32
28 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:33
29 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:34
30 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:35
31 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:36
32 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:37
33 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:38
34 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:39
35 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:40
36 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:41
37 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:42
38 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:43
39 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:44
40 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:45
41 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:46
42 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:47
43 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:48
44 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:49
45 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:50
46 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:51
47 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:52
48 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:53
49 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:54
50 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:55
51 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:56
52 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:57
53 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:58
54 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:59
55 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:60
56 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:61
57 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:62
58 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:63
59 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:64
60 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:65
61 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:66
62 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:67
63 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:68
64 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:69
65 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:70
66 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:71
67 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:72
68 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:73
69 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:74
70 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:75
71 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:76
72 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:77
73 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:78
74 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:79
75 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:80
76 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:81
77 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:82
78 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:83
79 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:84
80 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:85
81 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:86
82 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:87
83 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:88
84 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:89
85 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:90
86 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:91
87 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:92
88 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:93
89 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:94
90 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:95
91 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:96
92 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:97
93 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:98
94 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:99
95 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:100
96 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:101
97 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:102
98 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:103
99 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:104
100 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:105
101 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:106
102 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:107
103 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:108

   + 1 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:1
2 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:2
3 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:7
4 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:9
5 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:10
6 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:11
7 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:12
8 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:13
9 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:14
10 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:15
11 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:16
12 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:17
13 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:18
14 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:19
15 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:20
16 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:21
17 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:22
18 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:23
19 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:24
20 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:25
21 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:26
22 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:27
23 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:28
24 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:29
25 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:30
26 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:31
27 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:32
28 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:33
29 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:34
30 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:35
31 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:36
32 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:37
33 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:38
34 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:39
35 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:40
36 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:41
37 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:42
38 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:43
39 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:44
40 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:45
41 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:46
42 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:47
43 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:48
44 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:49
45 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:50
46 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:51
47 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:52
48 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:53
49 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:54
50 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:55
51 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:56
52 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:57
53 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:58
54 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:59
55 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:60
56 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:61
57 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:62
58 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:63
59 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:64
60 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:65
61 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:66
62 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:67
63 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:68
64 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:69
65 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:70
66 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:71
67 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:72
68 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:73
69 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:74
70 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:75
71 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:76
72 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:77
73 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:78
74 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:79
75 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:80
76 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:81
77 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:82
78 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:83
79 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:84
80 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:85
81 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:86
82 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:87
83 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:88
84 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:89
85 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:90
86 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:91
87 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:92
88 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:93
89 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:94
90 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:95
91 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:96
92 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:97
93 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:98
94 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:99
95 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:100
96 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:101
97 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:102
98 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:103
99 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:104
100 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:105
101 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:106
102 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:107
103 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:108
104 svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:109

Name: bzr:text-parents
   - gforge/debian/changelog	svn-v4:9d84d37e-dcb1-4aad-b103-6f3d92f53bf6:trunk:106

   + 

Added: trunk/gforge_base/evolvisforge/gforge/deb-specific/fileforge.pl
===================================================================
--- trunk/gforge_base/evolvisforge/gforge/deb-specific/fileforge.pl	                        (rev 0)
+++ trunk/gforge_base/evolvisforge/gforge/deb-specific/fileforge.pl	2010-02-25 13:17:38 UTC (rev 338)
@@ -0,0 +1,89 @@
+#! /usr/bin/perl -T
+
+use strict ;
+use vars qw/ $file $user $group $dirty_file $dirty_user $dirty_group
+    $src_file $dest_dir $retval / ;
+use subs qw/ &wash_string / ;
+no locale ;
+
+if ($#ARGV != 2) {
+    die "Usage: fileforge.pl file user group" ;
+}
+
+# Clean up our environment
+delete @ENV{qw(IFS CDPATH ENV BASH_ENV PATH)};
+
+# Check access to secret
+require ("/etc/sourceforge/local.pl") ;
+unless ($sys_dbpasswd == $ENV{'sys_dbpassword'}) {
+    die "You are not authorized to run this script" ;
+}
+
+# "Parse" command-line options
+$dirty_file = $ARGV [0] ;
+$dirty_user = $ARGV [1] ;
+$dirty_group = $ARGV [2] ;
+
+# Check and untaint $user and $file here
+$file = &wash_string ($dirty_file, "file") ;
+$user = &wash_string ($dirty_user, "user") ;
+
+# Compute source file name
+$src_file = "/var/lib/sourceforge/chroot/home/users/" ;
+$src_file .= $user ;
+$src_file .= "/incoming/" ;
+$src_file .= $file ;
+
+# Check and untaint $group here
+$group = &wash_string ($dirty_group, "group") ;
+
+# Compute destination file name
+$dest_dir = "/var/lib/sourceforge/download/" ;
+$dest_dir .= $group ;
+$dest_dir .= "/" ;
+
+unless ( -d $dest_dir ) {
+    die "Destination directory '$dest_dir' does not exist" ;
+}
+
+# print "Moving '$src_file' to '$dest_dir'.\n" ;
+
+$retval = system "/bin/echo /bin/mv $src_file $dest_dir" ;
+if ($retval == -1) {
+    die "Could not execute /bin/mv: $!" ;
+}
+if ($retval != 0) {
+    die "Error moving file" ;
+}
+
+exit 0 ;
+
+sub wash_string {
+    my $string = shift ;
+    my $name = shift ;
+
+    # Empty strings are not allowed
+    if (length $string == 0) {
+	die "Forbidden empty $name '$string'" ;
+    }
+    
+    # Only allowed characters are alphanumerical . + _ -
+    if ($string =~ m,[^\w.+_-],) {
+	die "Forbidden characters in $name '$string'" ;
+    }
+
+    # No .. sequence is allowed
+    if ($string =~ m,\.\.,) {
+	die "Forbidden '..' sequence in $name 'string'" ;
+    }
+    
+    my $clean = '' ;
+ 
+    if ($string =~ /^([\w.+_-]+)$/) {
+	$clean = $1 ;
+    } else {
+	die "Unexpected error while untainting $name '$string'" ;
+    }
+
+    return $clean ;
+}




More information about the evolvis-commits mailing list