Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Delegate creates directories writable for anyone
From: kjm () RINS RYUKOKU AC JP (KOJIMA Hajime)
Date: Thu, 22 Jul 1999 11:42:32 +0900


In <Pine.NEB.4.05.9907211352410.16623-100000 () klei intern polderland nl>,
Olaf Seibert wrote:
| On 30 june, I wrote (approximately) the following email to the author of
| Delegate, a multi-protocol proxy deamon (ftp, http, telnet, etc). So far
| I have received no reply, so now I'm posting here.

  This is an un-official fix for delegate 5.9.1 that I am using.
  This patch changes mode 777 -> 775, and I put
  "OWNER=delegate/delegate" option for delegated.  Latest delegate
  version is 5.9.3.

diff -ur -x *.[oa] -x *.exe -x *.go delegate5.9.1.org/rary/file.c delegate5.9.1/rary/file.c
--- delegate5.9.1.org/rary/file.c       Mon Mar 15 18:33:28 1999
+++ delegate5.9.1/rary/file.c   Thu Apr 15 09:56:29 1999
@@ -372,7 +372,7 @@
                         tmpdir = "/tmp";
         }
         if( !fileIsdir(tmpdir) )
-               mkdir(tmpdir,0777);
+               mkdir(tmpdir,0775);

         if( path == NULL )
                 path = pathb;
diff -ur -x *.[oa] -x *.exe -x *.go delegate5.9.1.org/resolvy/rescache.c delegate5.9.1/resolvy/rescache.c
--- delegate5.9.1.org/resolvy/rescache.c        Mon Jan 11 03:47:49 1999
+++ delegate5.9.1/resolvy/rescache.c    Thu Apr 15 09:57:43 1999
@@ -65,8 +65,8 @@

         if( fp == NULL && *mode != 'r' ){
                 mkdir(tmpdir,0755);
-               if( mkdir(cdirs,0777) == 0 ) chmod(cdirs,0777);/*ignore umask*/
-               if( mkdir(cdirg,0777) == 0 ){chmod(cdirg,0777);
+               if( mkdir(cdirs,0775) == 0 ) chmod(cdirs,0775);/*ignore umask*/
+               if( mkdir(cdirg,0775) == 0 ){chmod(cdirg,0775);
                         RES_getconf(conf);
                         sprintf(idfile,"%s/config",cdirg);
                         cfp = fopen(idfile,"w");
@@ -81,7 +81,7 @@
                         fputs(conf,cfp);
                         fclose(cfp);
                 }
-               if( mkdir(cdir1,0777) == 0 ) chmod(cdir1,0777);
+               if( mkdir(cdir1,0775) == 0 ) chmod(cdir1,0775);

                 if( (fp = fopen(cpath,mode)) == NULL ){
                         cache_cantopen = time(0);
@@ -89,7 +89,7 @@
                 }
         }
         if( fp != NULL && *mode != 'r' )
-               chmod(cpath,0666);
+               chmod(cpath,0664);

         return fp;
 }
@@ -184,7 +184,7 @@
                                 debug(DBG_FORCE,"CACHE cant del.? %s\n",cpath);
                         if( rename(newpath,cpath) == 0 ){
                                 debug(DBG_ANY,"CACHE truncated %s\n",cpath);
-                               chmod(cpath,0666);
+                               chmod(cpath,0664);
                         }
                         if( unlink(newpath) == 0 )
                                 debug(DBG_FORCE,"CACHE salvaged %s\n",newpath);
diff -ur -x *.[oa] -x *.exe -x *.go delegate5.9.1.org/src/cache.c delegate5.9.1/src/cache.c
--- delegate5.9.1.org/src/cache.c       Fri Jul 10 18:22:56 1998
+++ delegate5.9.1/src/cache.c   Thu Apr 15 09:54:02 1999
@@ -174,7 +174,7 @@

         if( dp = strrchr(file,'/') ){
                 *dp = 0;
-               mkdirR(file,0777);
+               mkdirR(file,0775);
                 *dp = '/';
         }

@@ -731,7 +731,7 @@
         fclose(cachefp);

         if( gotok ){
-               if( renameR(xcpath,cpath,0777) == 0 )
+               if( renameR(xcpath,cpath,0775) == 0 )
                         sv1log("CACHE: got = [%d] %s\n",size,cpath);
                 else   sv1log("CACHE: can't link %s => %s\n",cpath,xcpath);
         }else{
diff -ur -x *.[oa] -x *.exe -x *.go delegate5.9.1.org/src/delegated.c delegate5.9.1/src/delegated.c
--- delegate5.9.1.org/src/delegated.c   Mon Mar 15 19:18:15 1999
+++ delegate5.9.1/src/delegated.c       Thu Apr 15 09:54:16 1999
@@ -3473,7 +3473,7 @@
                         fprintf(stderr,"WORKDIR=%s\n",wdir);
         }

-       mkdirR(wdir,0777);
+       mkdirR(wdir,0775);
         getcwd(cwd,sizeof(cwd));
         originWD = strdup(cwd);

diff -ur -x *.[oa] -x *.exe -x *.go delegate5.9.1.org/src/editconf.c delegate5.9.1/src/editconf.c
--- delegate5.9.1.org/src/editconf.c    Tue Oct  6 15:51:05 1998
+++ delegate5.9.1/src/editconf.c        Thu Apr 15 09:55:18 1999
@@ -370,7 +370,7 @@
                         fprintf(stderr,"#### %s\n",msg);
                         YesOrNo(stderr,stdin,"#### Create Cachedir",yn);
                         if( yn[0] == 'y' )
-                       if( mkdirR(sdir,0777) == 0 ){
+                       if( mkdirR(sdir,0775) == 0 ){
                                 fprintf(stderr,"#### Created: %s\n",sdir);
                                 sv1log("#### CACHEDIR created: %s\n",sdir);
                                 return 0;
diff -ur -x *.[oa] -x *.exe -x *.go delegate5.9.1.org/src/log.c delegate5.9.1/src/log.c
--- delegate5.9.1.org/src/log.c Mon Mar 15 19:39:35 1999
+++ delegate5.9.1/src/log.c     Thu Apr 15 09:55:35 1999
@@ -410,7 +410,7 @@
 loglog("AGEFILE(%x,%s,%s,%s,%s) %d\n",ofp,file,current,mode,tmpdir,was_active);

         unlink(current);
-       linkR(file,current,0777); /* should use symbolic link ? */
+       linkR(file,current,0775); /* should use symbolic link ? */

 REOPEN:
         nfp = fopen(file,mode);
diff -ur -x *.[oa] -x *.exe -x *.go delegate5.9.1.org/src/nntp.c delegate5.9.1/src/nntp.c
--- delegate5.9.1.org/src/nntp.c        Fri Mar  5 17:08:41 1999
+++ delegate5.9.1/src/nntp.c    Thu Apr 15 09:55:57 1999
@@ -5266,7 +5266,7 @@

         if( 0 < xsize ){
                 sprintf(apath1,"%s#",apath);
-               if( linkR(xapath,apath1,0777) != 0 ){
+               if( linkR(xapath,apath1,0775) != 0 ){
                         sv1log("#### linkR(%s,%s) failed(%d).\n",
                                 xapath,apath1,errno);
                         return afp;
@@ -5295,7 +5295,7 @@
         }else{
                 if( xsize == 0 )
                         unlink(xapath);
-               linkR(apath,xapath,0777);
+               linkR(apath,xapath,0775);
                 sv1log("LINKED-2 [%s] from [%s]\n",apath,xapath);
         }

diff -ur -x *.[oa] -x *.exe -x *.go delegate5.9.1.org/src/uns.c delegate5.9.1/src/uns.c
--- delegate5.9.1.org/src/uns.c Tue Aug  4 22:41:29 1998
+++ delegate5.9.1/src/uns.c     Thu Apr 15 09:56:11 1999
@@ -165,7 +165,7 @@
                 if( dp = strrpbrk(dir,"/\\") )
                         *dp = 0;
                 if( !fileIsdir(dir) ){
-                       mkdirR(dir,0777);
+                       mkdirR(dir,0775);
                         if( !fileIsdir(dir) )
                                 errlog("bind_un: cannot mkdir %s\n",dir);
                 }

  This patch was posted to delegate ML at Tue, 20 Apr 1999 19:36:02
  JST.  You can see my post at:

<http://www.delegate.org/delegate/ml/archive/081/03>

  Caution: Above URL is written in japanese, ISO-2022-JP encoding.

----
KOJIMA Hajime - Ryukoku University, Seta, Ootsu, Shiga, 520-2194 Japan
[Office] kjm () rins ryukoku ac jp, http://www.st.ryukoku.ac.jp/~kjm/


  By Date           By Thread  

Current thread:
  • Re: Delegate creates directories writable for anyone KOJIMA Hajime (Jul 22)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault