Skip to content
GitLab
Commit 3f8449c6 authored by IKEDA Soji's avatar IKEDA Soji
Browse files

Sympa SA 2020-002 (candidate): Setuid wrappers should clear environment... 

Sympa SA 2020-002 (candidate): Setuid wrappers should clear environment variables to avoid exploits.
parent 9dcc2f30
Hide whitespace changes
Inline Side-by-side
src/cgi/sympa_soap_server-wrapper.fcgi.c
View file @ 3f8449c6
......@@ -6,6 +6,9 @@
Copyright (c) 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
2006, 2007, 2008, 2009, 2010, 2011 Comite Reseau des Universites
Copyright (c) 2011, 2012, 2013, 2014, 2015, 2016, 2017 GIP RENATER
Copyright 2020 The Sympa Community. See the AUTHORS.md
file at the top-level directory of this distribution and at
<https://github.com/sympa-community/sympa.git>.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......@@ -24,8 +27,10 @@
#include <unistd.h>
int main(int argn, char **argv, char **envp) {
char *myenvp[] = { "IFS= \t\n", "PATH=/bin:/usr/bin", NULL };
setreuid(geteuid(),geteuid());
setregid(getegid(),getegid());
argv[0] = SYMPASOAP;
return execve(SYMPASOAP,argv,envp);
return execve(SYMPASOAP, argv, myenvp);
}
src/cgi/wwsympa-wrapper.fcgi.c
View file @ 3f8449c6
......@@ -6,6 +6,9 @@
Copyright (c) 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
2006, 2007, 2008, 2009, 2010, 2011 Comite Reseau des Universites
Copyright (c) 2011, 2012, 2013, 2014, 2015, 2016, 2017 GIP RENATER
Copyright 2020 The Sympa Community. See the AUTHORS.md
file at the top-level directory of this distribution and at
<https://github.com/sympa-community/sympa.git>.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......@@ -24,8 +27,10 @@
#include <unistd.h>
int main(int argn, char **argv, char **envp) {
char *myenvp[] = { "IFS= \t\n", "PATH=/bin:/usr/bin", NULL };
setreuid(geteuid(),geteuid()); // Added to fix the segfault
setregid(getegid(),getegid()); // Added to fix the segfault
argv[0] = WWSYMPA;
return execve(WWSYMPA,argv,envp);
return execve(WWSYMPA, argv, myenvp);
}
src/libexec/sympa_newaliases-wrapper.c
View file @ 3f8449c6
......@@ -6,6 +6,9 @@
Copyright (c) 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
2006, 2007, 2008, 2009, 2010, 2011 Comite Reseau des Universites
Copyright (c) 2011, 2012, 2013, 2014, 2015, 2016, 2017 GIP RENATER
Copyright 2020 The Sympa Community. See the AUTHORS.md
file at the top-level directory of this distribution and at
<https://github.com/sympa-community/sympa.git>.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......@@ -24,8 +27,10 @@
#include <unistd.h>
int main(int argn, char **argv, char **envp) {
char *myenvp[] = { "IFS= \t\n", "PATH=/bin:/usr/bin", NULL };
setreuid(geteuid(),geteuid());
setregid(getegid(),getegid());
argv[0] = SYMPA_NEWALIASES;
return execve(SYMPA_NEWALIASES, argv, envp);
return execve(SYMPA_NEWALIASES, argv, myenvp);
}
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment