blueness 13/02/26 20:04:33 |
|
Added: thttpd-fix-world-readable-log.patch |
Log: |
Make log read/write by thttpd user only, bug #458896, CVE-2013-0348 |
|
(Portage version: 2.1.11.50/cvs/Linux x86_64, signed Manifest commit with key 0xF52D4BBA) |
|
Revision Changes Path |
1.1 www-servers/thttpd/files/thttpd-fix-world-readable-log.patch |
|
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/www-servers/thttpd/files/thttpd-fix-world-readable-log.patch?rev=1.1&view=markup |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/www-servers/thttpd/files/thttpd-fix-world-readable-log.patch?rev=1.1&content-type=text/plain |
|
Index: thttpd-fix-world-readable-log.patch |
=================================================================== |
From d2e186dbd58d274a0dea9b59357edc8498b5388d Mon Sep 17 00:00:00 2001 |
From: "Anthony G. Basile" <blueness@g.o> |
Date: Tue, 26 Feb 2013 14:28:26 -0500 |
Subject: [PATCH] src/thttpd.c: Fix world readable log, CVE-2013-0348. |
|
Make sure that the logfile is created or reopened as read/write |
by thttpd user only. |
|
X-gentoo-Bug: 458896 |
X-gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=458896 |
Reported-by: Agostino Sarubbo <ago@g.o> |
Signed-off-by: Anthony G. Basile <basile@××××××××××××××.edu> |
--- |
src/thttpd.c | 8 ++++++-- |
1 file changed, 6 insertions(+), 2 deletions(-) |
|
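diff --git a/src/thttpd.c b/src/thttpd.c
index 019b8c0..f33a7a7 100644
--- a/src/thttpd.c
+++ b/src/thttpd.c
@@ -326,6 +326,7 @@ static void
 re_open_logfile( void )
 {
 FILE* logfp;
+ int retchmod;
 
 if ( no_log || hs == (httpd_server*) 0 )
 return;
@@ -335,7 +336,8 @@ re_open_logfile( void )
 {
 syslog( LOG_NOTICE, "re-opening logfile" );
 logfp = fopen( logfile, "a" );
- if ( logfp == (FILE*) 0 )
+ retchmod = chmod( logfile, S_IRUSR|S_IWUSR );
+ if ( logfp == (FILE*) 0 || retchmod != 0 )
 {
 syslog( LOG_CRIT, "re-opening %.80s - %m", logfile );
 return;
@@ -355,6 +357,7 @@ main( int argc, char** argv )
 gid_t gid = 32767;
 char cwd[MAXPATHLEN+1];
 FILE* logfp;
+ int retchmod;
 int num_ready;
 int cnum;
 connecttab* c;
@@ -424,7 +427,8 @@ main( int argc, char** argv )
 else
 {
 logfp = fopen( logfile, "a" );
- if ( logfp == (FILE*) 0 )
+ retchmod = chmod( logfile, S_IRUSR|S_IWUSR );
+ if ( logfp == (FILE*) 0 || retchmod != 0 )
 {
 syslog( LOG_CRIT, "%.80s - %m", logfile );
 perror( logfile );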
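Review bot: The new permission check in re_open_logfile (and the matching one in main's log-open hunk) restricts the log by path name after fopen() has already opened it, so chmod( logfile, ... ) re-resolves the name independently of the file that was opened, and a log that fopen() has to create first exists with the umask-derived mode until the chmod runs. Applying the mode to the descriptor fopen returned, `fchmod( fileno( logfp ), S_IRUSR|S_IWUSR )`, ties the permission change to the file actually in use; clearing the group/other bits from the umask (or creating with open( O_CREAT, 0600 ) and fdopen) before fopen is what removes the creation window. Checking the mode change only after fopen has succeeded also fixes two smaller problems visible in the hunk: when fopen succeeds and chmod fails, re_open_logfile returns without fclose( logfp ), leaking a FILE on every re-open, and the `%m` in the LOG_CRIT message then reports chmod's errno instead of fopen's. Both enclosing functions continue outside the hunk, so whether main exits on this error path is not visible here.
```c
logfp = fopen( logfile, "a" );
if ( logfp == (FILE*) 0 )
    {
    syslog( LOG_CRIT, "re-opening %.80s - %m", logfile );
    return;
    }
/* Restrict the descriptor we actually opened, not whatever the path names now. */
if ( fchmod( fileno( logfp ), S_IRUSR|S_IWUSR ) != 0 )
    {
    syslog( LOG_CRIT, "re-opening %.80s - %m", logfile );
    (void) fclose( logfp );
    return;
    }
/* … unchanged: rest of re_open_logfile … */
```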
-- |
1.7.12.4 |