[1843] in linux-security and linux-alert archive
[linux-security] Re: Services not required?
daemon@ATHENA.MIT.EDU (samboy@mr.samiam.org)
Tue Jun 9 06:50:47 1998
Date: Tue, 9 Jun 1998 00:40:14 -0700 (PDT)
From: samboy@mr.samiam.org
To: linux-security@redhat.com
In-Reply-To: <016e01bd9315$cbe32820$34a2eecf@tecra740cdt.chaven.com>
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
# 110/POP3 (Katie Steven's v1.016)
Has this problem been patched:
http://www.samiam.org/pop3/exploit.html

Oh, and I can't post to linux-security without a question, and a patch of
my own:

Question: Since the version of Pam for RH4.2 is Pam 0.57, why does
the XFree86-3.3.2 security require Pam 0.59? Yes, I tried
compiling Pam 0.59 from the RH5.0 SRPM, but it didn't work.
Can I safely install this by using the --nodeps flag? I notice
it is the spec file that specifically asks for version 0.59 (or
higher) of Pam.

Patch: Patch for Apache 1.2.5 that requires that all cgi-bin scripts are
Perl scripts that run in taint mode. It hard-wires Apache to
reject any cgi-bin that doesn't start off as "#!/usr/bin/perl -T"

RPMS built around this patch are here:
http://linux.samiam.org/blackdragon/

- Sam

*** apache_1.2.5/src/mod_cgi.c.orig Mon Jun 8 15:58:15 1998
--- apache_1.2.5/src/mod_cgi.c Mon Jun 8 16:18:46 1998
***************
*** 343,350 ****
{
int retval, nph, dbpos = 0;
char *argv0, *dbuf = NULL;
! FILE *script_out, *script_in, *script_err;
! char argsbuffer[HUGE_STRING_LEN];
int is_included = !strcmp (r->protocol, "INCLUDED");
void *sconf = r->server->module_config;
cgi_server_conf *conf =
--- 343,350 ----
{
int retval, nph, dbpos = 0;
char *argv0, *dbuf = NULL;
! FILE *script_out, *script_in, *script_err, *perl_check;
! char argsbuffer[HUGE_STRING_LEN], bangline[20];
int is_included = !strcmp (r->protocol, "INCLUDED");
void *sconf = r->server->module_config;
cgi_server_conf *conf =
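Review bot: bangline[20] in the changed declaration is sized by a bare number that has to stay in step with the "#!/usr/bin/perl -T" literal and with the 19 passed to fgets and strncmp in the next hunk. Define the required interpreter line once as a named constant (for example a macro, hypothetical name REQUIRED_BANG) and size the buffer and both length arguments from sizeof on it, so the three cannot drift apart if the interpreter path or flags ever change.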
***************
*** 365,370 ****
--- 365,382 ----
else argv0 = r->filename;
nph = !(strncmp(argv0,"nph-",4));
+
+ if(*(r->filename) != '/')
+ return log_scripterror(r, conf, FORBIDDEN,
+ "You need absolute path to cgi-bin");
+
+ if((perl_check = fopen(r->filename,"rb")) == NULL)
+ return log_scripterror(r, conf, FORBIDDEN,
+ "Can not read cgi-bin program");
+
+ if(strncmp(fgets(bangline,19,perl_check),"#!/usr/bin/perl -T",19))
+ return log_scripterror(r,conf, FORBIDDEN,
+ "We only allow Perl cgis w/ taint check");
if (!(allow_options (r) & OPT_EXECCGI) && !is_scriptaliased (r))
return log_scripterror(r, conf, FORBIDDEN,
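Review bot: The return value of fgets is passed straight into strncmp in the line `if(strncmp(fgets(bangline,19,perl_check),"#!/usr/bin/perl -T",19))`, so an empty script or a read error makes fgets return NULL and strncmp dereferences it; read into bangline first, treat a NULL return as a rejection, and only then compare. perl_check is never closed in the lines shown, on either the reject path or the accept path, so each CGI request leaves a file open in that server process; add fclose(perl_check) immediately after the read. The comparison is a match on the first 18 bytes plus the terminator of the truncated read, so "#!/usr/bin/perl -Tw" is accepted while "#!/usr/bin/perl -wT" is refused; a comment stating that this is intended would help whoever maintains it. The new checks also run before the existing OPT_EXECCGI / is_scriptaliased test, so the file is opened and read for requests that are going to be refused anyway; placing them after that test avoids this.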