[evolvis-commits] r7350: Plenty of debugging (including security-related stuff). ↵

mirabilos at evolvis.org mirabilos at evolvis.org
Thu Feb 24 15:39:07 CET 2011


Author: mirabilos
Date: 2011-02-24 15:39:07 +0100 (Thu, 24 Feb 2011)
New Revision: 7350

Modified:
   trunk/gforge_base/evolvisforge-5.1/gforge/deb-specific/fileforge.pl
Log:
Plenty of debugging (including security-related stuff).


Modified: trunk/gforge_base/evolvisforge-5.1/gforge/deb-specific/fileforge.pl
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/deb-specific/fileforge.pl	2011-02-24 14:39:06 UTC (rev 7349)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/deb-specific/fileforge.pl	2011-02-24 14:39:07 UTC (rev 7350)
@@ -1,9 +1,9 @@
-#! /usr/bin/perl -T
+#! /usr/bin/perl -Tw
 
 use strict ;
 use vars qw/ $file $dirty_file $user $dirty_user $group $dirty_group
     $real_file $dirty_real_file $src_file $dest_dir $dest_file $retval
-    $homedir_prefix / ;
+    $homedir_prefix $sys_dbpasswd / ;
 use subs qw/ &fileforge &tmpfilemove &wash_string / ;
 no locale ;
 
@@ -12,7 +12,9 @@
 
 # Check access to secret
 require ("/etc/sourceforge/local.pl") ;
-unless ($sys_dbpasswd == $ENV{'sys_dbpassword'}) {
+unless ( (defined $sys_dbpasswd)
+	 and (defined $ENV{'sys_dbpasswd'})
+	 and ($sys_dbpasswd eq $ENV{'sys_dbpasswd'}) ) {
     die "You are not authorized to run this script" ;
 }
 
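Review bot: The new condition still authorizes the caller when both values are defined but empty, for example if local.pl leaves `$sys_dbpasswd` as `""` and the variable is exported empty; add `and (length $sys_dbpasswd)` to the test. The environment key also changes from `sys_dbpassword` to `sys_dbpasswd`, so every caller has to export the new name or it will now be rejected (the callers are not visible here). A comment above the check should record that the secret travels in the process environment, and who is expected to be able to read it.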
@@ -21,22 +23,22 @@
 
 # Check which mode we're in
 # Normal fileforge
-if ($0 == "/usr/lib/sourceforge/bin/fileforge.pl") {
+if ($0 eq "/usr/lib/sourceforge/bin/fileforge.pl") {
     &fileforge ;
     exit 0 ;
 }
 # Temporary moving of files (for quick release system)
-if ($0 == "/usr/lib/sourceforge/bin/tmpfilemove.pl") {
+if ($0 eq "/usr/lib/sourceforge/bin/tmpfilemove.pl") {
     &tmpfilemove ;
     exit 0 ;
 }
 # If we're not in one of these two modes, then fail
-print "You must call this script as one of:
+print STDERR "You must call this script as one of:
 * /usr/lib/sourceforge/bin/fileforge.pl (normal execution)
 * /usr/lib/sourceforge/bin/tmpfilemove.pl (for QRS)" ;
 die "Unauthorized invocation '$0'" ;
 
-sub &fileforge {
+sub fileforge {
     if ($#ARGV != 2) {
 	die "Usage: fileforge.pl file user group" ;
     }
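Review bot: The usage text now sent to STDERR ends at `(for QRS)"` without a newline, so the following `die "Unauthorized invocation '$0'"` is printed on the same line as the last bullet; end the string with `\n`. With `==` replaced by `eq`, the dispatch now depends on `$0` matching the installed path exactly. A short comment above the two `if` tests should say that invocation through any other path or a symlink is rejected on purpose. The body of fileforge continues outside the hunk.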
@@ -59,17 +61,21 @@
     # Check and untaint $group here
     $group = &wash_string ($dirty_group, "group") ;
 
-    # Compute destination dir name
+    # Compute and test destination dir name
     $dest_dir = "/var/lib/sourceforge/download/" ;
     $dest_dir .= $group ;
     $dest_dir .= "/" ;
-
     unless ( -d $dest_dir ) {
+	mkdir $dest_dir, 0755 or die $! ;
+	chown 0, 0, $dest_dir or die $! ;
+    }
+    unless ( -d $dest_dir ) {
 	die "Destination directory '$dest_dir' does not exist" ;
     }
 
-    # print "Moving '$src_file' to '$dest_dir'.\n" ;
-
+    chmod 0400, $src_file ;
+    chown 0, 0, $src_file ;
+    chmod 0644, $src_file ;
     $retval = system "/bin/mv $src_file $dest_dir" ;
     if ($retval == -1) {
 	die "Could not execute /bin/mv: $!" ;
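Review bot: The three added calls `chmod 0400, $src_file`, `chown 0, 0, $src_file` and `chmod 0644, $src_file` discard their return values, so a failed ownership change still lets the file be moved into the download area with its original owner. Each should be checked, e.g. `chown (0, 0, $src_file) == 1 or die "chown '$src_file': $!" ;`. The `mkdir` and `chown` on `$dest_dir` die with a bare `$!`; putting the path in the message would make the failure diagnosable. How `$src_file` is built is outside this hunk; if its directory is writable by the uploading user, confirm it is a regular file and not a symlink before these calls, since chmod and chown follow links.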
@@ -79,7 +85,7 @@
     }
 }
 
-sub &tmpfilemove {
+sub tmpfilemove {
     if ($#ARGV != 2) {
 	die "Usage: tmpfilemove.pl temp_filename real_filename user_unix_name" ;
     }
@@ -87,25 +93,37 @@
     $dirty_real_file = $ARGV [1] ;
     $dirty_user = $ARGV [2] ;
 
-    # Check and untaint $file and $real_file here
+    # Check and untaint variables here
     $file = &wash_string ($dirty_file, "file") ;
     $real_file = &wash_string ($dirty_real_file, "real_file") ;
+    $user = &wash_string ($dirty_user, "user") ;
 
     # Compute source file name
     $src_file = "/tmp/" ;
     $src_file .= $file ;
 
-    # Check and untaint $user here
-    $user = &wash_string ($dirty_user, "user") ;
+    # Insure the source file is good
+    chmod 0400, $src_file ;
+    $retval = system "/bin/chown $user:$user $src_file" ;
+    if ($retval == -1) {
+	die "Could not execute '/bin/chmod $user:$user $src_file': $!" ;
+    }
+    if ($retval != 0) {
+	die "Error moving file" ;
+    }
+    chmod 0644, $src_file ;
 
+    # Compute and test destination directory name
+    $dest_dir = $homedir_prefix ;
+    $dest_dir .= $user ;
+    $dest_dir .= "/incoming/" ;
+    unless ( -d $dest_dir ) {
+	die "Destination directory '$dest_dir' does not exist" ;
+    }
+    
     # Compute destination file name
-    $dest_file = $homedir_prefix ;
-    $dest_file .= $user ;
-    $dest_file .= "/incoming/" ;
-    $dest_file .= $real_file ;
+    $dest_file = $dest_dir . $real_file ;
 
-    # print "Moving '$src_file' to '$dest_file'.\n" ;
-
     $retval = system "/bin/mv $src_file $dest_file" ;
     if ($retval == -1) {
 	die "Could not execute /bin/mv: $!" ;
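Review bot: The added `system "/bin/chown $user:$user $src_file"` goes through the shell, and its two failure messages name the wrong operation (`/bin/chmod` and "Error moving file"), so a chown failure is reported misleadingly. The list form avoids the shell whatever wash_string (not visible here) lets through, and the same applies to the `/bin/mv` calls in this hunk and in fileforge. The two `chmod` calls ignore their return values. Because `$src_file` lives in `/tmp`, chmod and chown will follow a symbolic link at that name, so the block should refuse anything that is not a regular file first. The check below narrows that window but does not close it; operating on an opened handle would. tmpfilemove continues past the hunk.

```perl
    # Insure the source file is good
    if ( -l $src_file or not -f $src_file ) {
	die "Source file '$src_file' is not a regular file" ;
    }
    chmod (0400, $src_file) == 1 or die "chmod 0400 '$src_file': $!" ;
    $retval = system "/bin/chown", "$user:$user", $src_file ;
    if ($retval == -1) {
	die "Could not execute '/bin/chown $user:$user $src_file': $!" ;
    }
    if ($retval != 0) {
	die "Error changing owner of '$src_file'" ;
    }
    chmod (0644, $src_file) == 1 or die "chmod 0644 '$src_file': $!" ;
    # … unchanged: destination directory test and /bin/mv call …
```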


