slocate: update to 3.1
parent
8bcb361872
commit
ae3ae2ac7a
@ -2,14 +2,17 @@ drwxr-xr-x root/root etc/
|
||||
drwxr-xr-x root/root etc/cron/
|
||||
drwxr-xr-x root/root etc/cron/daily/
|
||||
-rwxr-xr-x root/root etc/cron/daily/slocate
|
||||
-rw-r--r-- root/root etc/updatedb.conf
|
||||
drwxr-xr-x root/root usr/
|
||||
drwxr-xr-x root/root usr/bin/
|
||||
lrwxrwxrwx root/root usr/bin/locate -> slocate
|
||||
-rwxr-sr-x root/slocate usr/bin/slocate
|
||||
lrwxrwxrwx root/root usr/bin/updatedb -> slocate
|
||||
drwxr-xr-x root/root usr/man/
|
||||
drwxr-xr-x root/root usr/man/man1/
|
||||
lrwxrwxrwx root/root usr/man/man1/locate.1.gz -> slocate.1.gz
|
||||
-rw-r--r-- root/root usr/man/man1/slocate.1.gz
|
||||
-rw-r--r-- root/root usr/man/man1/updatedb.1.gz
|
||||
drwxr-xr-x root/root var/
|
||||
drwxr-xr-x root/root var/lib/
|
||||
drwxr-x--- root/slocate var/lib/slocate/
|
||||
|
@ -1,3 +1,4 @@
|
||||
5cf4f530f0a5b78967bf8f43a3fea617 slocate
|
||||
660bf796027941744970242c7cd4ac70 slocate-2.7.patch
|
||||
4872830642ea2ed5f9aff932720583c9 slocate-2.7.tar.gz
|
||||
7aa005d9c9f39f18896e68af6cb301f0 CVE-2007-0227.patch
|
||||
8f0b2571a7a6abf2cb519f85c5225436 slocate
|
||||
69b45865ebce0cbfeb430381f0eb8b51 slocate_3.1.orig.tar.gz
|
||||
4203633cf028280a596b00b33455c181 updatedb.conf
|
||||
|
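--- a/slocate/CVE-2007-0227.patch
+++ b/slocate/CVE-2007-0227.patch
@@ -0,0 +1,42 @@
+--- slocate-3.1.orig/src/utils.c
++++ slocate-3.1/src/utils.c
+@@ -524,6 +524,7 @@
+{
+struct stat path_stat;
+int ret = 0;
++ char *path_copy = NULL;
+char *ptr = NULL;
+
+if (lstat(path, &path_stat) == -1)
+@@ -532,15 +533,25 @@
+if (!S_ISLNK(path_stat.st_mode)) {
+if (access(path, F_OK) != 0)
+goto EXIT;
+- } else if ((ptr = rindex(path, '/'))) {
+- *ptr = 0;
+- if (access(path, F_OK) == 0)
+- ret = 1;
+- *ptr = '/';
+- goto EXIT;
+}
+
++ /* "path" is const, so we shouldn't modify it. Also, for speed,
++ * I suspect strdup/free is less expensive than the deep access
++ * checks... */
++ if (!(path_copy = strdup(path)))
++ goto EXIT;
++
+ret = 1;
++
++ /* Each directory leading to the file (symlink or not) must be
++ * readable for us to allow it to be listed in search results. */
++ while (ret && (ptr=rindex(path_copy,'/'))) {
++ *ptr=0;
++ if (*path_copy && access(path_copy, R_OK) != 0)
++ ret = 0;
++ }
++ free(path_copy);
++
+EXIT:
+return ret;
+}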
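Review bot: The comment on the new loop says each directory "must be readable" but leaves out two details a maintainer needs: `access(path_copy, R_OK)` is evaluated against the caller's real UID/GID, and the `*path_copy` guard skips the empty prefix left once the leading '/' is cut. I would extend it with `/* access() checks the real IDs, so the setgid group does not widen what a user may list; the empty prefix before the leading '/' is skipped. */`. The patch file also carries no preamble naming the advisory or where the patch was obtained, which the removed slocate-2.7.patch did have; a header line such as `CVE-2007-0227: parent-directory access check; origin: <PATCH_ORIGIN_PLACEHOLDER>` would let it be verified against its source later. The enclosing function's signature and the lines between the two inner hunks are outside what the patch shows.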
@ -1,28 +1,33 @@
|
||||
# Description: Secure version of the GNU locate program
|
||||
# URL: ftp://ftp.geekreview.org/slocate/
|
||||
# URL: http://packages.debian.org/unstable/utils/slocate
|
||||
# Maintainer: CRUX System Team, core-ports at crux dot nu
|
||||
|
||||
name=slocate
|
||||
version=2.7
|
||||
release=3
|
||||
source=(http://dl.sourceforge.net/sourceforge/$name/$name-$version.tar.gz \
|
||||
$name-$version.patch slocate)
|
||||
version=3.1
|
||||
release=1
|
||||
source=(http://ftp.debian.org/debian/pool/main/s/$name/${name}_${version}.orig.tar.gz \
|
||||
slocate updatedb.conf CVE-2007-0227.patch)
|
||||
|
||||
build() {
|
||||
cd $name-$version
|
||||
patch -p1 < ../$name-$version.patch
|
||||
touch Makefile.in
|
||||
./configure --prefix=/usr
|
||||
make
|
||||
mkdir -p $PKG/usr/bin $PKG/usr/man/man1 \
|
||||
$PKG/var/lib/slocate $PKG/etc/cron/daily
|
||||
touch slocate.db
|
||||
chmod 0750 $PKG/var/lib/slocate
|
||||
chgrp slocate $PKG/var/lib/slocate
|
||||
install -m 0640 -g slocate slocate.db $PKG/var/lib/slocate/slocate.db
|
||||
install -m 2755 -g slocate slocate $PKG/usr/bin/slocate
|
||||
install -m 0755 ../slocate $PKG/etc/cron/daily/slocate
|
||||
install -m 0644 doc/slocate.1.linux.gz $PKG/usr/man/man1/slocate.1.gz
|
||||
|
||||
patch -p1 -i $SRC/CVE-2007-0227.patch
|
||||
sed -i "s/-O2/$CFLAGS/" src/Makefile
|
||||
|
||||
make -j1
|
||||
|
||||
install -D -m 2755 -g slocate src/slocate $PKG/usr/bin/slocate
|
||||
ln -sf slocate $PKG/usr/bin/locate
|
||||
ln -sf slocate $PKG/usr/bin/updatedb
|
||||
|
||||
touch slocate.db
|
||||
install -d -m 0750 -g slocate $PKG/var/lib/slocate
|
||||
install -m 0640 -g slocate slocate.db $PKG/var/lib/slocate
|
||||
|
||||
install -D -m 0755 $SRC/slocate $PKG/etc/cron/daily/slocate
|
||||
install -m 0644 $SRC/updatedb.conf $PKG/etc
|
||||
|
||||
install -D -m 0644 doc/slocate.1 $PKG/usr/man/man1/slocate.1
|
||||
install -m 0644 doc/updatedb.1 $PKG/usr/man/man1
|
||||
ln -sf slocate.1.gz $PKG/usr/man/man1/locate.1.gz
|
||||
}
|
||||
|
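Review bot: The `source=` entry for 3.1 appears to fetch the upstream tarball over plain `http://`, and the only integrity check visible in this commit is the MD5 line in the checksum file, which is thin protection for a package that installs a setgid binary. Whether a stronger digest or a signed source is possible depends on the port tooling, so this is a question for the maintainers rather than a one-line fix. Separately, `sed -i "s/-O2/$CFLAGS/" src/Makefile` fails when `CFLAGS` contains a `/`; `sed -i "s|-O2|$CFLAGS|" src/Makefile` avoids that, though it stays fragile if `CFLAGS` contains `|` or `&`. Old and new lines are interleaved in this rendering, so which lines belong to the new side is inferred from the 3.1 version strings.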
5
slocate/slocate
Executable file → Normal file
5
slocate/slocate
Executable file → Normal file
@ -1,9 +1,8 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# /etc/cron/daily/slocate: update the slocate database
|
||||
# /etc/cron/daily/updatedb: update the slocate database
|
||||
#
|
||||
|
||||
/usr/bin/slocate -u -f proc,nfs,smbfs,autofs,auto,iso9660 \
|
||||
-e /tmp,/var/tmp,/var/spool,/mnt
|
||||
/usr/bin/updatedb
|
||||
|
||||
# End of file
|
||||
|
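Review bot: The header comment `# /etc/cron/daily/updatedb: update the slocate database` looks like the new side, yet the build script and footprint in this commit still install the file as `etc/cron/daily/slocate`, so the comment would name a path that is not packaged; keeping `# /etc/cron/daily/slocate: update the slocate database` would match. With the explicit `-f`/`-e` arguments gone, the pruned filesystems and paths presumably now come from `/etc/updatedb.conf`; a one-line comment such as `# pruning is configured in /etc/updatedb.conf` would make that dependency visible. Which lines are old and which are new is inferred here, because the rendering lost the +/- markers.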
@ -1,93 +0,0 @@
|
||||
CAN-2003-0848: 'slocate' sgid privileges are now dropped when
|
||||
searching databases that are not part of the 'slocate' group. This
|
||||
will prevent malicious user supplied databases from giving access to
|
||||
the 'slocate' group. Patch from Kevin Lindsay <klindsay@debian.org>
|
||||
|
||||
diff -ru slocate-2.7/main.c slocate-2.7-new/main.c
|
||||
--- slocate-2.7/main.c 2003-01-25 05:39:48.000000000 +0100
|
||||
+++ slocate-2.7-new/main.c 2004-03-28 12:01:45.256631896 +0200
|
||||
@@ -342,6 +342,9 @@
|
||||
char *part;
|
||||
int i;
|
||||
int res_errno;
|
||||
+ char *tmp_ptr = NULL;
|
||||
+ int last_sgid = 0;
|
||||
+ struct stat db_stat;
|
||||
|
||||
/* Make sure path is not empty */
|
||||
if (!path || strlen(path) == 0) return;
|
||||
@@ -385,6 +388,28 @@
|
||||
|
||||
/* Null terminate array */
|
||||
SLOCATE_PATH[i] = NULL;
|
||||
+
|
||||
+ /* Sort sgid slocate db's to the top */
|
||||
+ for (i = 0; SLOCATE_PATH[i]; i++) {
|
||||
+ if (stat(SLOCATE_PATH[i], &db_stat) == -1)
|
||||
+ report_error(FATAL, QUIET, "%s: Could not stat DB: %s: %s\n", progname, SLOCATE_PATH[i], strerror(errno));
|
||||
+
|
||||
+ if (db_stat.st_gid != SLOC_GID)
|
||||
+ continue;
|
||||
+
|
||||
+ if (i != last_sgid) {
|
||||
+ tmp_ptr = SLOCATE_PATH[last_sgid];
|
||||
+ SLOCATE_PATH[last_sgid] = SLOCATE_PATH[i];
|
||||
+ SLOCATE_PATH[i] = tmp_ptr;
|
||||
+ }
|
||||
+
|
||||
+ last_sgid += 1;
|
||||
+
|
||||
+ }
|
||||
+
|
||||
+ /* for (i = 0; SLOCATE_PATH[i]; i++)
|
||||
+ printf("%s\n", SLOCATE_PATH[i]); */
|
||||
+
|
||||
}
|
||||
|
||||
/* Parse Dash */
|
||||
@@ -1154,6 +1179,22 @@
|
||||
char *cp=NULL;
|
||||
#endif
|
||||
char *bucket_of_holding=NULL;
|
||||
+ gid_t cur_gid;
|
||||
+ struct stat db_stat;
|
||||
+
|
||||
+ cur_gid = getegid();
|
||||
+
|
||||
+ if (stat(database, &db_stat) == -1)
|
||||
+ report_error(FATAL, QUIET, "%s: Could not stat '%d': %s\n", progname, strerror(errno));
|
||||
+
|
||||
+ /* If the database's file group is not apart of the 'slocate' group,
|
||||
+ * drop privileges. When multiple databases are specified, the ones
|
||||
+ * apart of the 'slocate' group will be searched first before the
|
||||
+ * privileges are dropped. */
|
||||
+ if (cur_gid == SLOC_GID && db_stat.st_gid != SLOC_GID) {
|
||||
+ if (setgid(GID) == -1)
|
||||
+ report_error(FATAL, QUIET, "%s: Could not drop privileges.", progname);
|
||||
+ }
|
||||
|
||||
if ((fd = open(database,O_RDONLY)) == -1) {
|
||||
report_error(WARNING,QUIET,"%s: decode_db(): %s: %s\n",progname,database,strerror(errno));
|
||||
@@ -1411,6 +1452,9 @@
|
||||
/* Get user IDs */
|
||||
UID = getuid();
|
||||
GID = getgid();
|
||||
+
|
||||
+ /* Get the 'slocate' group GID */
|
||||
+ SLOC_GID = get_gid(GRPFILE);
|
||||
|
||||
/* Add the LOCATE_PATH environment variable to the list of databases to search in */
|
||||
parse_decode_path(getenv("LOCATE_PATH"));
|
||||
@@ -1535,11 +1579,7 @@
|
||||
* with the -d option, etc */
|
||||
|
||||
if (ADD_SLOCATEDB)
|
||||
- parse_decode_path(SLOCATEDB);
|
||||
-
|
||||
- /* Get the 'slocate' group GID */
|
||||
- SLOC_GID = get_gid(GRPFILE);
|
||||
-
|
||||
+ parse_decode_path(SLOCATEDB);
|
||||
|
||||
/* if the -U option has been used, start to create the database at specified path */
|
||||
if (SPECDIR)
|
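--- a/slocate/updatedb.conf
+++ b/slocate/updatedb.conf
@@ -0,0 +1,13 @@
+#
+# /etc/updatedb.conf
+#
+# This file sets environment variables which are
+# used by updatedb and slocate -u
+
+# filesystems which are pruned from updatedb database
+PRUNEFS="nfs afs proc smbfs autofs auto iso9660"
+export PRUNEFS
+
+# paths which are pruned from updatedb database
+PRUNEPATHS="/tmp /var/tmp /var/spool /mnt"
+export PRUNEPATHS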