Make security fix work on Slackware 9.1

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1424 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-06-29 15:33:47 +00:00 · 2004-06-29 15:33:47 +00:00 · 1d2eea04b9
commit 1d2eea04b9
parent 9d3a1ca007
6 changed files with 25 additions and 12 deletions
--- a/STABLE/changelog.txt
+++ b/STABLE/changelog.txt
@ -37,3 +37,7 @@ Changes since 1.4.9
 17) Implement Sean Mathews's fix for Proxy ARP/IPSEC.

 18) Update rfc1918.
+
+19) Fix local exploit vulnerability.
+
+20) Hack security fix so that it works under Slackware.
--- a/STABLE/functions
+++ b/STABLE/functions
@ -247,14 +247,14 @@ mktempdir() {
    [ -z "$MKTEMP" ] && find_mktemp   
     
    case "$MKTEMP" in
-	BSD)
-	    mktemp -d /tmp/shorewall.XXXXXX
-	    ;;
 	STD)
 	    mktemp -td shorewall.XXXXXX
 	    ;;
-	None)
-	    mkdir /tmp/shorewall-$$ && echo /tmp/shorewall-$$
+	None|BSD)
+	    #
+	    # Not all versions of the BSD mktemp support the -d option under Linux
+	    #
+	    mkdir /tmp/shorewall-$$ && chmod 700 /tmp/shorewall-$$ && echo /tmp/shorewall-$$
 	    ;;
 	*)
 	    echo "   ERROR:Internal error in mktempdir"
--- a/STABLE/releasenotes.txt
+++ b/STABLE/releasenotes.txt
@ -49,6 +49,11 @@ Problems Corrected since version 1.4.9:

 13. The rfc1918 file has been updated.

+14. An exploitable vulnerability that allows local non-root users to 
+    cause arbitrary files to be overwritten has been eliminated.
+
+15) The security vulnerability fix failed under Slackware 9.1. 
+
 Migration Issues:

 None.
--- a/STABLE2/changelog.txt
+++ b/STABLE2/changelog.txt
@ -38,3 +38,5 @@ Changes since 2.0.2
 17) Fix bogus code in process_tc_rule()

 18) Fix security vulnerability involving temporary files/directories.
+
+19) Hack security fix so that it works under Slackware.
--- a/STABLE2/functions
+++ b/STABLE2/functions
@ -407,20 +407,20 @@ mktempdir() {
    [ -z "$MKTEMP" ] && find_mktemp   
     
    case "$MKTEMP" in
-	BSD)
-	    mktemp -d /tmp/shorewall.XXXXXX
-	    ;;
 	STD)
 	    mktemp -td shorewall.XXXXXX
 	    ;;
-	None)
-	    mkdir /tmp/shorewall-$$ && echo /tmp/shorewall-$$
+	None|BSD)
+	    #
+	    # Not all versions of the BSD mktemp support the -d option under Linux
+	    #
+	    mkdir /tmp/shorewall-$$ && chmod 700 /tmp/shorewall-$$ && echo /tmp/shorewall-$$
 	    ;;
 	*)
 	    echo "   ERROR:Internal error in mktempdir"
 	    ;;
 	esac
-}	
+}		

 #
 # Read a file and handle "INCLUDE" directives
--- a/STABLE2/releasenotes.txt
+++ b/STABLE2/releasenotes.txt
@ -1,4 +1,4 @@
-Shorewall 2.0.3
+Shorewall 2.0.3b

 ----------------------------------------------------------------------
 Problems Corrected since 2.0.2
@ -52,6 +52,8 @@ Problems Corrected since 2.0.3
 2)  A potential security vulnerablilty in the way that Shorewall
    handles temporary files and directories has been corrected.

+3) The security vulnerability fix failed under Slackware 9.1. 
+
 -----------------------------------------------------------------------
 Issues when migrating from Shorewall 2.0.2 to Shorewall 2.0.3: