[evolvis-commits] r7350: Plenty of debugging (including security-related stuff). ↵
mirabilos at evolvis.org
mirabilos at evolvis.org
Thu Feb 24 15:39:07 CET 2011
Author: mirabilos
Date: 2011-02-24 15:39:07 +0100 (Thu, 24 Feb 2011)
New Revision: 7350
Modified:
trunk/gforge_base/evolvisforge-5.1/gforge/deb-specific/fileforge.pl
Log:
Plenty of debugging (including security-related stuff).
Modified: trunk/gforge_base/evolvisforge-5.1/gforge/deb-specific/fileforge.pl
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/deb-specific/fileforge.pl 2011-02-24 14:39:06 UTC (rev 7349)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/deb-specific/fileforge.pl 2011-02-24 14:39:07 UTC (rev 7350)
@@ -1,9 +1,9 @@
-#! /usr/bin/perl -T
+#! /usr/bin/perl -Tw
use strict ;
use vars qw/ $file $dirty_file $user $dirty_user $group $dirty_group
$real_file $dirty_real_file $src_file $dest_dir $dest_file $retval
- $homedir_prefix / ;
+ $homedir_prefix $sys_dbpasswd / ;
use subs qw/ &fileforge &tmpfilemove &wash_string / ;
no locale ;
@@ -12,7 +12,9 @@
# Check access to secret
require ("/etc/sourceforge/local.pl") ;
-unless ($sys_dbpasswd == $ENV{'sys_dbpassword'}) {
+unless ( (defined $sys_dbpasswd)
+ and (defined $ENV{'sys_dbpasswd'})
+ and ($sys_dbpasswd eq $ENV{'sys_dbpasswd'}) ) {
die "You are not authorized to run this script" ;
}
@@ -21,22 +23,22 @@
# Check which mode we're in
# Normal fileforge
-if ($0 == "/usr/lib/sourceforge/bin/fileforge.pl") {
+if ($0 eq "/usr/lib/sourceforge/bin/fileforge.pl") {
&fileforge ;
exit 0 ;
}
# Temporary moving of files (for quick release system)
-if ($0 == "/usr/lib/sourceforge/bin/tmpfilemove.pl") {
+if ($0 eq "/usr/lib/sourceforge/bin/tmpfilemove.pl") {
&tmpfilemove ;
exit 0 ;
}
# If we're not in one of these two modes, then fail
-print "You must call this script as one of:
+print STDERR "You must call this script as one of:
* /usr/lib/sourceforge/bin/fileforge.pl (normal execution)
* /usr/lib/sourceforge/bin/tmpfilemove.pl (for QRS)" ;
die "Unauthorized invocation '$0'" ;
-sub &fileforge {
+sub fileforge {
if ($#ARGV != 2) {
die "Usage: fileforge.pl file user group" ;
}
@@ -59,17 +61,21 @@
# Check and untaint $group here
$group = &wash_string ($dirty_group, "group") ;
- # Compute destination dir name
+ # Compute and test destination dir name
$dest_dir = "/var/lib/sourceforge/download/" ;
$dest_dir .= $group ;
$dest_dir .= "/" ;
-
unless ( -d $dest_dir ) {
+ mkdir $dest_dir, 0755 or die $! ;
+ chown 0, 0, $dest_dir or die $! ;
+ }
+ unless ( -d $dest_dir ) {
die "Destination directory '$dest_dir' does not exist" ;
}
- # print "Moving '$src_file' to '$dest_dir'.\n" ;
-
+ chmod 0400, $src_file ;
+ chown 0, 0, $src_file ;
+ chmod 0644, $src_file ;
$retval = system "/bin/mv $src_file $dest_dir" ;
if ($retval == -1) {
die "Could not execute /bin/mv: $!" ;
@@ -79,7 +85,7 @@
}
}
-sub &tmpfilemove {
+sub tmpfilemove {
if ($#ARGV != 2) {
die "Usage: tmpfilemove.pl temp_filename real_filename user_unix_name" ;
}
@@ -87,25 +93,37 @@
$dirty_real_file = $ARGV [1] ;
$dirty_user = $ARGV [2] ;
- # Check and untaint $file and $real_file here
+ # Check and untaint variables here
$file = &wash_string ($dirty_file, "file") ;
$real_file = &wash_string ($dirty_real_file, "real_file") ;
+ $user = &wash_string ($dirty_user, "user") ;
# Compute source file name
$src_file = "/tmp/" ;
$src_file .= $file ;
- # Check and untaint $user here
- $user = &wash_string ($dirty_user, "user") ;
+ # Insure the source file is good
+ chmod 0400, $src_file ;
+ $retval = system "/bin/chown $user:$user $src_file" ;
+ if ($retval == -1) {
+ die "Could not execute '/bin/chmod $user:$user $src_file': $!" ;
+ }
+ if ($retval != 0) {
+ die "Error moving file" ;
+ }
+ chmod 0644, $src_file ;
+ # Compute and test destination directory name
+ $dest_dir = $homedir_prefix ;
+ $dest_dir .= $user ;
+ $dest_dir .= "/incoming/" ;
+ unless ( -d $dest_dir ) {
+ die "Destination directory '$dest_dir' does not exist" ;
+ }
+
# Compute destination file name
- $dest_file = $homedir_prefix ;
- $dest_file .= $user ;
- $dest_file .= "/incoming/" ;
- $dest_file .= $real_file ;
+ $dest_file = $dest_dir . $real_file ;
- # print "Moving '$src_file' to '$dest_file'.\n" ;
-
$retval = system "/bin/mv $src_file $dest_file" ;
if ($retval == -1) {
die "Could not execute /bin/mv: $!" ;
More information about the evolvis-commits
mailing list