Sympa SA 2020-002 (candidate): Setuid wrappers should clear environment...

Sympa SA 2020-002 (candidate): Setuid wrappers should clear environment variables to avoid exploits.

Sympa SA 2020-002 (candidate): Setuid wrappers should clear environment...
Sympa SA 2020-002 (candidate): Setuid wrappers should clear environment variables to avoid exploits.
3f8449c6 · IKEDA Soji · 9dcc2f30 · 3f8449c6 · 3f8449c6 · 3f8449c6
Commit 3f8449c6 authored Mar 27, 2020 by IKEDA Soji
--- a/src/cgi/sympa_soap_server-wrapper.fcgi.c
+++ b/src/cgi/sympa_soap_server-wrapper.fcgi.c
@@ -6,6 +6,9 @@
  Copyright (c) 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
  2006, 2007, 2008, 2009, 2010, 2011 Comite Reseau des Universites
  Copyright (c) 2011, 2012, 2013, 2014, 2015, 2016, 2017 GIP RENATER
+  Copyright 2020 The Sympa Community. See the AUTHORS.md
+  file at the top-level directory of this distribution and at
+  <https://github.com/sympa-community/sympa.git>.
 
  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
@@ -24,8 +27,10 @@
 #include <unistd.h>

 int main(int argn, char **argv, char **envp) {
+    char *myenvp[] = { "IFS= \t\n", "PATH=/bin:/usr/bin", NULL };
+
    setreuid(geteuid(),geteuid());
    setregid(getegid(),getegid());
    argv[0] = SYMPASOAP;
-    return execve(SYMPASOAP,argv,envp);
+    return execve(SYMPASOAP, argv, myenvp);
 }
--- a/src/cgi/wwsympa-wrapper.fcgi.c
+++ b/src/cgi/wwsympa-wrapper.fcgi.c
@@ -6,6 +6,9 @@
  Copyright (c) 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
  2006, 2007, 2008, 2009, 2010, 2011 Comite Reseau des Universites
  Copyright (c) 2011, 2012, 2013, 2014, 2015, 2016, 2017 GIP RENATER
+  Copyright 2020 The Sympa Community. See the AUTHORS.md
+  file at the top-level directory of this distribution and at
+  <https://github.com/sympa-community/sympa.git>.
 
  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
@@ -24,8 +27,10 @@
 #include <unistd.h>

 int main(int argn, char **argv, char **envp) {
+    char *myenvp[] = { "IFS= \t\n", "PATH=/bin:/usr/bin", NULL };
+
    setreuid(geteuid(),geteuid()); // Added to fix the segfault
    setregid(getegid(),getegid()); // Added to fix the segfault
    argv[0] = WWSYMPA;
-    return execve(WWSYMPA,argv,envp);
+    return execve(WWSYMPA, argv, myenvp);
 }
--- a/src/libexec/sympa_newaliases-wrapper.c
+++ b/src/libexec/sympa_newaliases-wrapper.c
@@ -6,6 +6,9 @@
  Copyright (c) 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
  2006, 2007, 2008, 2009, 2010, 2011 Comite Reseau des Universites
  Copyright (c) 2011, 2012, 2013, 2014, 2015, 2016, 2017 GIP RENATER
+  Copyright 2020 The Sympa Community. See the AUTHORS.md
+  file at the top-level directory of this distribution and at
+  <https://github.com/sympa-community/sympa.git>.

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
@@ -24,8 +27,10 @@
 #include <unistd.h>

 int main(int argn, char **argv, char **envp) {
+    char *myenvp[] = { "IFS= \t\n", "PATH=/bin:/usr/bin", NULL };
+
    setreuid(geteuid(),geteuid());
    setregid(getegid(),getegid());
    argv[0] = SYMPA_NEWALIASES;
-    return execve(SYMPA_NEWALIASES, argv, envp);
+    return execve(SYMPA_NEWALIASES, argv, myenvp);
 }