From 66391bf069c435d432cbd6e905e8ceff6701af80 Mon Sep 17 00:00:00 2001 From: Eric Allman Date: Sun, 12 Jul 1992 13:59:40 -0800 Subject: [PATCH 1/1] security hacks: make F .cf line a little more careful; don't close more than 256 files SCCS-vsn: usr.sbin/sendmail/src/main.c 5.51 SCCS-vsn: usr.sbin/sendmail/src/readcf.c 5.40 --- usr/src/usr.sbin/sendmail/src/main.c | 13 +++++++-- usr/src/usr.sbin/sendmail/src/readcf.c | 39 ++++++++++++++++++-------- 2 files changed, 37 insertions(+), 15 deletions(-) diff --git a/usr/src/usr.sbin/sendmail/src/main.c b/usr/src/usr.sbin/sendmail/src/main.c index e402abe963..1751303426 100644 --- a/usr/src/usr.sbin/sendmail/src/main.c +++ b/usr/src/usr.sbin/sendmail/src/main.c @@ -13,7 +13,7 @@ char copyright[] = #endif /* not lint */ #ifndef lint -static char sccsid[] = "@(#)main.c 5.50 (Berkeley) %G%"; +static char sccsid[] = "@(#)main.c 5.51 (Berkeley) %G%"; #endif /* not lint */ #define _DEFINE @@ -121,6 +121,7 @@ main(argc, argv, envp) bool readconfig = TRUE; bool queuemode = FALSE; /* process queue requests */ bool nothaw; + bool safecf = TRUE; static bool reenter = FALSE; char jbuf[60]; /* holds MyHostName */ extern bool safefile(); @@ -171,7 +172,12 @@ main(argc, argv, envp) i = open("/dev/null", O_RDWR); while (i >= 0 && i < 2) i = dup(i); - for (i = getdtablesize(); i > 2; --i) + i = getdtablesize(); + + /* in 4.4BSD, the table can be huge; impose a reasonable limit */ + if (i > 256) + i = 256; + while (--i > 2) (void) close(i); errno = 0; @@ -216,6 +222,7 @@ main(argc, argv, envp) ConfFile = "sendmail.cf"; (void) setgid(getrgid()); (void) setuid(getruid()); + safecf = FALSE; nothaw = TRUE; } else if (strncmp(p, "-bz", 3) == 0) @@ -501,7 +508,7 @@ main(argc, argv, envp) */ if (OpMode == MD_FREEZE || readconfig) - readcf(ConfFile); + readcf(ConfFile, safecf); if (ConfigLevel > MAXCONFIGLEVEL) { diff --git a/usr/src/usr.sbin/sendmail/src/readcf.c b/usr/src/usr.sbin/sendmail/src/readcf.c index de42dee225..a9a7ace75a 100644 
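Review bot: In the `@@ -171,7 +172,12 @@` hunk of main.c, capping the loop at 256 means a descriptor numbered 256 or higher that was inherited from the invoking process is no longer closed, and the new comment does not say so. This loop runs at startup, before the `setuid(getruid())` call visible in a later hunk, so such descriptors would presumably stay open for the whole run and be passed on to anything sendmail starts afterwards. I would name the limit and record the trade-off, e.g. `#define MAXCLOSEFD 256 /* descriptors at or above this are left open */`, with `if (i > MAXCLOSEFD) i = MAXCLOSEFD;` in the hunk. main() begins and ends outside the hunk.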
--- a/usr/src/usr.sbin/sendmail/src/readcf.c +++ b/usr/src/usr.sbin/sendmail/src/readcf.c @@ -7,11 +7,12 @@ */ #ifndef lint -static char sccsid[] = "@(#)readcf.c 5.39 (Berkeley) %G%"; +static char sccsid[] = "@(#)readcf.c 5.40 (Berkeley) %G%"; #endif /* not lint */ # include "sendmail.h" # include +# include /* ** READCF -- read control file. @@ -46,6 +47,8 @@ static char sccsid[] = "@(#)readcf.c 5.39 (Berkeley) %G%"; ** ** Parameters: ** cfname -- control file name. +** safe -- TRUE if this is the system config file; +** FALSE otherwise. ** ** Returns: ** none. @@ -56,6 +59,7 @@ static char sccsid[] = "@(#)readcf.c 5.39 (Berkeley) %G%"; readcf(cfname) char *cfname; + bool safe; { FILE *cf; int ruleset = 0; @@ -243,7 +247,7 @@ readcf(cfname) while (isspace(*++p)) continue; } - fileclass(buf[1], &buf[2], p); + fileclass(buf[1], &buf[2], p, safe); break; } @@ -372,21 +376,35 @@ toomany(id, maxcnt) ** the named class. */ -fileclass(class, filename, fmt) +fileclass(class, filename, fmt, safe) int class; char *filename; char *fmt; + bool safe; { FILE *f; + struct stat stbuf; char buf[MAXLINE]; - if (filename[0] == '|') - f = popen(filename + 1, "r"); - else - f = fopen(filename, "r"); + if (stat(filename, &stbuf) < 0) + { + syserr("fileclass: cannot stat %s", filename); + return; + } + if (!S_ISREG(stbuf.st_mode)) + { + syserr("fileclass: %s not a regular file", filename); + return; + } + if (!safe && access(filename, R_OK) < 0) + { + syserr("fileclass: access denied on %s", filename); + return; + } + f = fopen(filename, "r"); if (f == NULL) { - syserr("cannot open %s", filename); + syserr("fileclass: cannot open %s", filename); return; } @@ -431,10 +449,7 @@ fileclass(class, filename, fmt) } } - if (filename[0] == '|') - (void) pclose(f); - else - (void) fclose(f); + (void) fclose(f); } /* ** MAKEMAILER -- define a new mailer. -- 2.20.1
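Review bot: In the `@@ -56,6 +59,7 @@` hunk of readcf.c, `bool safe;` is added to the old-style parameter declarations, but the identifier list on the unchanged line still reads `readcf(cfname)`, so `safe` is declared without being a parameter. main.c now calls `readcf(ConfFile, safecf)` and the `@@ -243,7 +247,7 @@` hunk hands `safe` on to fileclass(), so the flag that decides whether the access() check runs would not reliably arrive. The definition line should read `readcf(cfname, safe)`. The body of readcf() continues outside the hunk.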
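Review bot: In the `@@ -372,21 +376,35 @@` hunk, fileclass() checks the path with stat() and access() and then opens it by name with fopen(), so the file that is opened need not be the one that was checked if the path is replaced in between. That matters most on the `!safe` path, where the F line comes from a configuration file named with -C. Keeping the stat() before the open is reasonable, since it avoids opening a FIFO or device at all, but I would add an fstat() on the opened stream and compare device and inode with the earlier result. The hunk also drops the `|program` form of the F line, which the header comment above fileclass() (outside this hunk) may still need to reflect. fileclass() continues past the end of the hunk.

```c
	struct stat stbuf;
	struct stat fstbuf;	/* state of the file actually opened */

	/* ... unchanged: stat(), S_ISREG and access() checks ... */

	f = fopen(filename, "r");
	/* ... unchanged: f == NULL check ... */

	/* make sure the opened file is the one that passed the checks */
	if (fstat(fileno(f), &fstbuf) < 0 ||
	    fstbuf.st_dev != stbuf.st_dev ||
	    fstbuf.st_ino != stbuf.st_ino)
	{
		syserr("fileclass: %s changed while opening", filename);
		(void) fclose(f);
		return;
	}
```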