From root@lupe-christoph.de  Mon Jan 16 15:44:47 2006
Message-Id: <20060116154407.22432A772@firewally.lupe-christoph.de>
Date: Mon, 16 Jan 2006 16:44:07 +0100 (CET)
From: Lupe Christoph <lupe@lupe-christoph.de>
Reply-To: Lupe Christoph <lupe@lupe-christoph.de>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: p5-Net-Server fails to untaint the executable path
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         91872
>Category:       ports
>Synopsis:       net/p5-Net-Server fails to untaint the executable path
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    vd
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jan 16 15:50:04 GMT 2006
>Closed-Date:    Thu Jan 26 10:45:11 GMT 2006
>Last-Modified:  Thu Jan 26 10:45:11 GMT 2006
>Originator:     Lupe Christoph
>Release:        FreeBSD 5.4-RELEASE-p7 i386
>Organization:
>Environment:
System: FreeBSD firewally.lupe-christoph.de 5.4-RELEASE-p7 FreeBSD 5.4-RELEASE-p7 #4: Tue Sep 13 20:23:52 CEST 2005 lupe@firewally.lupe-christoph.de:/usr/obj/usr/src/sys/FIREWALLY i386


	
>Description:
	The new version of p5-Net-Server has a fix for a problem I found earlier
	that prevents munin-node from restarting on a HUP signal. But the fix is
	incomplete because it does not take perl's taint mode into account.

	I have created a ticket on rt.cpan.org: http://rt.cpan.org//Ticket/Display.html?id=17090
>How-To-Repeat:
	Install sysutils/munin-node. Start munin-node. Send the process a HUP.
>Fix:

	This fix also corrects another problem - relative paths are not recognized
	except when they start with a '.'.

--- Net-Server.patch begins here ---
--- /usr/local/lib/perl5/site_perl/5.8.7/Net/Server.pm.orig	Mon Dec  5 22:13:04 2005
+++ /usr/local/lib/perl5/site_perl/5.8.7/Net/Server.pm	Mon Jan 16 16:26:49 2006
@@ -133,6 +133,7 @@
   ### see if we can find the full command line
   if (open _CMDLINE, "/proc/$$/cmdline") { # unix specific
     my $line = do { local $/ = undef; <_CMDLINE> };
+    ($line) = $line =~ /^(.*)$/; # untaint
     close _CMDLINE;
     if ($line) {
       return [split /\0/, $line];
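
Review bot: The added untaint line, ($line) = $line =~ /^(.*)$/;, has no /s
modifier, so if the data read from /proc/$$/cmdline contains a newline the
match fails and the list assignment leaves $line undefined. The following
if ($line) test then silently falls through to the $0 fallback and the
recorded command line is lost. Matching with /^(.*)$/s captures the whole
buffer. Because (.*) accepts every value, a comment stating why the
process's own command line is trusted at this point would also help.
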
@@ -140,7 +141,8 @@
   }
 
   my $script = $0;
-  $script = $ENV{'PWD'} .'/'. $script if $script =~ m|^\.+/| && $ENV{'PWD'}; # add absolute to relative
+  $script = $ENV{'PWD'} .'/'. $script if $script !~ m|^\//| && $ENV{'PWD'}; # add absolute to relative
+  ($script) = $script =~ /^(.*)$/; # untaint
   return [ $script, @ARGV ]
 }
 
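
Review bot: The new test on the $script line, !~ m|^\//|, treats a path as
absolute only when it starts with two slashes, so an absolute $0 that begins
with a single slash gets $ENV{'PWD'} prepended as well. The intended test is
!~ m|^/|. Separately, the untaint on the next added line runs after
$ENV{'PWD'} has been concatenated in, so /^(.*)$/ also clears the taint of an
environment-supplied value; matching the result against the characters
expected in a path would keep the taint check meaningful here.
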
--- Net-Server.patch ends here ---


>Release-Note:
>Audit-Trail:

From: Vasil Dimov <vd@FreeBSD.org>
To: Lupe Christoph <lupe@lupe-christoph.de>
Cc: bug-followup@FreeBSD.org
Subject: Re: ports/91872: p5-Net-Server fails to untaint the executable path
Date: Tue, 24 Jan 2006 11:03:21 +0200

 On Mon, Jan 16, 2006 at 04:44:07PM +0100, Lupe Christoph wrote:
 > --- Net-Server.patch begins here ---
 > --- /usr/local/lib/perl5/site_perl/5.8.7/Net/Server.pm.orig	Mon Dec  5 22:13:04 2005
 > +++ /usr/local/lib/perl5/site_perl/5.8.7/Net/Server.pm	Mon Jan 16 16:26:49 2006
 ...
 >
 
 Can you please submit a patch that applies to the port, not the
 installed software.
 E.g. /usr/ports/net/p5-Net-Server not /usr/local/lib/perl5/site_perl/5.8.7/
 
 You may do
 * backup p5-Net-Server to p5-Net-Server.orig
 * make extract
 * prepare a patch relative to (should be named like patch-something)
   /usr/ports/net/p5-Net-Server/work/Net-Server-0.90/ and place it in
   /usr/ports/net/p5-Net-Server/files
 * send the result from diff -urN p5-Net-Server.orig p5-Net-Server
   before your changes.
 
 -- 
 Vasil Dimov
 

From: Lupe Christoph <lupe@lupe-christoph.de>
To: Vasil Dimov <vd@FreeBSD.org>
Cc: bug-followup@FreeBSD.org
Subject: Re: ports/91872: p5-Net-Server fails to untaint the executable path
Date: Wed, 25 Jan 2006 08:23:45 +0100

 On Tuesday, 2006-01-24 at 11:03:21 +0200, Vasil Dimov wrote:
 > On Mon, Jan 16, 2006 at 04:44:07PM +0100, Lupe Christoph wrote:
 > > --- Net-Server.patch begins here ---
 > > --- /usr/local/lib/perl5/site_perl/5.8.7/Net/Server.pm.orig	Mon Dec  5 22:13:04 2005
 > > +++ /usr/local/lib/perl5/site_perl/5.8.7/Net/Server.pm	Mon Jan 16 16:26:49 2006
 > ...
 
 > Can you please submit a patch that applies to the port, not the
 > installed software.
 > E.g. /usr/ports/net/p5-Net-Server not /usr/local/lib/perl5/site_perl/5.8.7/
 
 As you wish, master! ;-)
 
 diff -ruN p5-Net-Server.orig/files/patch-Server.pm p5-Net-Server/files/patch-Server.pm
 --- p5-Net-Server.orig/files/patch-Server.pm	Thu Jan  1 01:00:00 1970
 +++ p5-Net-Server/files/patch-Server.pm	Wed Jan 25 08:21:13 2006
 @@ -0,0 +1,21 @@
 +diff -ruN lib/Net/Server.pm lib/Net/Server.pm
 +--- lib/Net/Server.pm	Mon Dec  5 22:13:04 2005
 ++++ lib/Net/Server.pm	Wed Jan 25 08:18:25 2006
 +@@ -133,6 +133,7 @@
 +   ### see if we can find the full command line
 +   if (open _CMDLINE, "/proc/$$/cmdline") { # unix specific
 +     my $line = do { local $/ = undef; <_CMDLINE> };
 ++    ($line) = $line =~ /^(.*)$/; # untaint
 +     close _CMDLINE;
 +     if ($line) {
 +       return [split /\0/, $line];
 +@@ -140,7 +141,8 @@
 +   }
 + 
 +   my $script = $0;
 +-  $script = $ENV{'PWD'} .'/'. $script if $script =~ m|^\.+/| && $ENV{'PWD'}; # add absolute to relative
 ++  $script = $ENV{'PWD'} .'/'. $script if $script !~ m|^\//| && $ENV{'PWD'}; # add absolute to relative
 ++  ($script) = $script =~ /^(.*)$/; # untaint
 +   return [ $script, @ARGV ]
 + }
 + 
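 
 Review bot: files/patch-Server.pm carries no pointer to the upstream report,
 so nothing in the port says when this local patch can be dropped; a leading
 comment in the patch file naming the rt.cpan.org ticket (id 17090) would
 cover that. The embedded hunk is unchanged from the first submission, so the
 line with !~ m|^\//| still prepends $ENV{'PWD'} to a path that begins with a
 single slash.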
 
 Lupe Christoph
 -- 
 | You know we're sitting on four million pounds of fuel, one nuclear     |
 | weapon and a thing that has 270,000 moving parts built by the lowest   |
 | bidder. Makes you feel good, doesn't it?                               |
 | Rockhound in "Armageddon", 1998, about the Space Shuttle               |
Responsible-Changed-From-To: freebsd-ports-bugs->vd 
Responsible-Changed-By: vd 
Responsible-Changed-When: Wed Jan 25 08:16:03 UTC 2006 
Responsible-Changed-Why:  
I will take it 

http://www.freebsd.org/cgi/query-pr.cgi?pr=91872 

From: Vasil Dimov <vd@FreeBSD.org>
To: Lupe Christoph <lupe@lupe-christoph.de>
Cc: bug-followup@FreeBSD.org
Subject: Re: ports/91872: p5-Net-Server fails to untaint the executable path
Date: Thu, 26 Jan 2006 09:50:53 +0200

 On Mon, Jan 16, 2006 at 04:44:07PM +0100, Lupe Christoph wrote:
 > -  $script = $ENV{'PWD'} .'/'. $script if $script =~ m|^\.+/| && $ENV{'PWD'}; # add absolute to relative
 > +  $script = $ENV{'PWD'} .'/'. $script if $script !~ m|^\//| && $ENV{'PWD'}; # add absolute to relative
 
 1. Probably you made a typo with that double slash. Now it prepends the
 current directory even if $script is "/a". Also the slash need not be
 escaped, so the correct one is:
 
 $script = $ENV{'PWD'} .'/'. $script if $script !~ m|^/| && $ENV{'PWD'}; # add absolute to relative
 
 2. Why do you need to untaint the $script variable in p5-Net-Server? If
 there is some problem in munin-node shouldn't the variable be untainted
 there, thus not changing p5-Net-Server because other software that uses
 p5-Net-Server may depend on that variable being tainted?
 
 3. 2. applies to the $line variable also but I would say that this code:
 
    if (open _CMDLINE, "/proc/$$/cmdline") { # unix specific
      my $line = do { local $/ = undef; <_CMDLINE> };
 +    ($line) = $line =~ /^(.*)$/; # untaint
 
 is not reached at all, because there is no /proc/ by default in recent
 FreeBSD versions.
 
 What do you think?
 
 -- 
 Vasil Dimov
 

From: Lupe Christoph <lupe@lupe-christoph.de>
To: vd@FreeBSD.org
Cc: bug-followup@FreeBSD.org
Subject: Re: ports/91872: p5-Net-Server fails to untaint the executable path
Date: Thu, 26 Jan 2006 09:57:42 +0100

 Quoting Vasil Dimov <vd@FreeBSD.org>:
 
 > On Mon, Jan 16, 2006 at 04:44:07PM +0100, Lupe Christoph wrote:
 > > -  $script = $ENV{'PWD'} .'/'. $script if $script =~ m|^\.+/| &&
 > $ENV{'PWD'}; # add absolute to relative
 > > +  $script = $ENV{'PWD'} .'/'. $script if $script !~ m|^\//| &&
 > $ENV{'PWD'}; # add absolute to relative
 
 > 1. Probably you made a typo with that double slash. Now it prepends the
 > current directory even if $script is "/a". Also the slash need not be
 > escaped, so the correct one is:
 
 > $script = $ENV{'PWD'} .'/'. $script if $script !~ m|^/| && $ENV{'PWD'}; # add
 > absolute to relative
 
 I think you're right with this.
 
 > 2. Why do you need to untaint the $script variable in p5-Net-Server? If
 > there is some problem in munin-node shouldn't the variable be untainted
 > there, thus not changing p5-Net-Server because other software that uses
 > p5-Net-Server may depend on that variable being tainted?
 
 Because p5-Net-Server reads the path itself. It is nothing supplied
 by the server-specific code. It is only used by the Net::Server code.
 
 > 3. 2. applies to the $line variable also but I would say that this code:
 
 >    if (open _CMDLINE, "/proc/$$/cmdline") { # unix specific
 >      my $line = do { local $/ = undef; <_CMDLINE> };
 > +    ($line) = $line =~ /^(.*)$/; # untaint
 
 > is not reached at all, because there is no /proc/ by default in recent
 > FreeBSD versions.
 
 I used the same changes I sent to the module author. Linux and
 Solaris will have it by default. And FreeBSD machines that do mount
 procfs *will* have /proc/$$/cmdline, AFAIK (I have no access to a
 FreeBSD system where I am now). That means that the code that tries
 to use /proc/$$/cmdline will be used on those machines, and if $line
 is tainted (having been read from a file), Munin will fail to
 restart. And any other daemon using Net::Server that also uses
 taint mode as it should IMNSHO.
 
 > What do you think?
 
 I think you should correct my mistake with the m|^\//| but leave
 the untainting as it is.
 
 Thank you,
 Lupe Christoph
 -- 
 | lupe@lupe-christoph.de       |           http://www.lupe-christoph.de/ |
 | "... putting a mail server on the Internet without filtering is like   |
 | covering yourself with barbecue sauce and breaking into the Charity    |
 | Home for Badgers with Rabies.                            Michael Lucas | 
State-Changed-From-To: open->closed 
State-Changed-By: vd 
State-Changed-When: Thu Jan 26 10:43:39 UTC 2006 
State-Changed-Why:  
Committed with m|^//| changed to m|^/|, thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=91872 
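
The behaviour discussed in this thread can be reproduced with the following added example, which is not part of the report or of Net::Server. It runs the three "is $0 relative?" tests from the thread over constructed paths, then compares the patch's /^(.*)$/ untaint with a validating one; untaint_path, its allowlist and all sample values are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example, not Net::Server code; every sample value is constructed.
use strict;
use warnings;

# The three "is $0 relative?" tests that appear in the thread, in order.
my @tests = (
    [ 'original  =~ m|^\.+/|', sub { $_[0] =~ m|^\.+/| } ],
    [ 'submitted !~ m|^\//|',  sub { $_[0] !~ m|^\//|  } ],
    [ 'committed !~ m|^/|',    sub { $_[0] !~ m|^/|    } ],
);

# Same shape as the patched statement: prepend $pwd when the test fires.
sub absolutize {
    my ($script, $pwd, $test) = @_;
    return $script unless $pwd && $test->($script);
    return "$pwd/$script";
}

# Hypothetical stricter untaint: capture only if the whole value consists of
# allowlisted path characters; otherwise return undef for the caller to handle.
sub untaint_path {
    my ($path) = @_;
    return undef unless defined $path;
    my ($clean) = $path =~ m{\A([\w./+\-]+)\z};
    return $clean;
}

# Printable form of a value: undef and embedded newlines made visible.
sub show {
    my $v = shift;
    return 'undef' unless defined $v;
    $v =~ s/\n/\\n/g;
    return "'$v'";
}

my $pwd = '/usr/local/sbin';    # stands in for $ENV{'PWD'}
for my $script ('./munin-node', '../sbin/munin-node', 'sbin/munin-node',
                '/usr/local/sbin/munin-node') {
    printf "%-24s %-28s -> %s\n", $_->[0], $script,
        absolutize($script, $pwd, $_->[1]) for @tests;
}

# The patch's /^(.*)$/ accepts any single line; on an embedded newline the
# match fails, so the list assignment leaves the variable undef.
for my $value ('/usr/local/sbin/munin-node', "munin-node\n--flag", '/tmp/odd name') {
    my ($blanket) = $value =~ /^(.*)$/;
    printf "%-30s blanket=%-30s strict=%s\n",
        show($value), show($blanket), show(untaint_path($value));
}
```

Only the committed test leaves the absolute path alone while still absolutizing all three relative forms; the submitted test prepends the directory to every sample, including the absolute one.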
>Unformatted:
