[1843] in linux-security and linux-alert archive


[linux-security] Re: Services not required?

daemon@ATHENA.MIT.EDU (samboy@mr.samiam.org)
Tue Jun 9 06:50:47 1998

Date: Tue, 9 Jun 1998 00:40:14 -0700 (PDT)
From: samboy@mr.samiam.org
To: linux-security@redhat.com
In-Reply-To: <016e01bd9315$cbe32820$34a2eecf@tecra740cdt.chaven.com>
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com


# 110/POP3      (Katie Steven's v1.016)

Has this problem been patched:

	http://www.samiam.org/pop3/exploit.html

Oh, and I can't post to linux-security without a question, and a patch of
my own:

Question: Since the version of Pam for RH4.2 is Pam 0.57, why does the
          XFree86-3.3.2 security require Pam 0.59?  Yes, I tried
          compiling Pam 0.59 from the RH5.0 SRPM, but it didn't work.
          Can I safely install this by using the --nodeps flag?  I notice
          it is the spec file that specifically asks for version 0.59 (or
          higher) of Pam.

Patch: Patch for Apache 1.2.5 that requires that all cgi-bin scripts are
       Perl scripts that run in taint mode.  It hard-wires Apache to
       reject any cgi-bin that doesn't start off as "#!/usr/bin/perl -T"

RPMS built around this patch are here:

	http://linux.samiam.org/blackdragon/

- Sam

*** apache_1.2.5/src/mod_cgi.c.orig	Mon Jun  8 15:58:15 1998
--- apache_1.2.5/src/mod_cgi.c	Mon Jun  8 16:18:46 1998
***************
*** 343,350 ****
  {
      int retval, nph, dbpos = 0;
      char *argv0, *dbuf = NULL;
!     FILE *script_out, *script_in, *script_err;
!     char argsbuffer[HUGE_STRING_LEN];
      int is_included = !strcmp (r->protocol, "INCLUDED");
      void *sconf = r->server->module_config;
      cgi_server_conf *conf =
--- 343,350 ----
  {
      int retval, nph, dbpos = 0;
      char *argv0, *dbuf = NULL;
!     FILE *script_out, *script_in, *script_err, *perl_check;
!     char argsbuffer[HUGE_STRING_LEN], bangline[20];
      int is_included = !strcmp (r->protocol, "INCLUDED");
      void *sconf = r->server->module_config;
      cgi_server_conf *conf =
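
Review bot: bangline[20] in the changed declaration is sized with a bare literal, while the check that uses it reads with 19 and compares 19 bytes against the 18-character string "#!/usr/bin/perl -T". Consider defining that required line once as a named constant and deriving the buffer size and both lengths from it with sizeof, so the three numbers cannot drift apart.
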
***************
*** 365,370 ****
--- 365,382 ----
      else argv0 = r->filename;
  
      nph = !(strncmp(argv0,"nph-",4));
+ 
+     if(*(r->filename) != '/')
+     	return log_scripterror(r, conf, FORBIDDEN,
+ 	                       "You need absolute path to cgi-bin");
+ 
+     if((perl_check = fopen(r->filename,"rb")) == NULL)
+         return log_scripterror(r, conf, FORBIDDEN,
+ 			       "Can not read cgi-bin program");
+ 
+     if(strncmp(fgets(bangline,19,perl_check),"#!/usr/bin/perl -T",19))
+         return log_scripterror(r,conf, FORBIDDEN,
+ 	                       "We only allow Perl cgis w/ taint check");
  
      if (!(allow_options (r) & OPT_EXECCGI) && !is_scriptaliased (r))
  	return log_scripterror(r, conf, FORBIDDEN,
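
Review bot: the third added check passes the result of fgets() directly to strncmp(), so an empty script file or a read error makes fgets() return NULL and the comparison dereferences a null pointer instead of returning FORBIDDEN. Store the fgets() result and reject on NULL before comparing. perl_check is also never closed in the lines shown, so each request leaks a FILE handle; an fclose(perl_check) right after the read, before any return, fixes that. The comparison is a prefix match on the first 18 characters, so any first line that begins with "#!/usr/bin/perl -T" passes, and the file is inspected here but executed later, so the check only holds if the script cannot be replaced in between; both are worth a comment in the code.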

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe:
  mail -s unsubscribe linux-security-request@redhat.com < /dev/null

