
Date:         Thu, 22 Jul 1999 11:42:32 +0900
From:         KOJIMA Hajime <kjm@RINS.RYUKOKU.AC.JP>
Subject:      Re: Delegate creates directories writable for anyone
To:           BUGTRAQ@SECURITYFOCUS.COM

In <Pine.NEB.4.05.9907211352410.16623-100000@klei.intern.polderland.nl>,
Olaf Seibert wrote:
| On 30 june, I wrote (approximately) the following email to the author of
| Delegate, a multi-protocol proxy deamon (ftp, http, telnet, etc). So far
| I have received no reply, so now I'm posting here.

  This is an unofficial fix for delegate 5.9.1 that I am using.
  This patch changes mode 777 -> 775, and I pass the
  "OWNER=delegate/delegate" option to delegated.  The latest delegate
  version is 5.9.3.

diff -ur -x *.[oa] -x *.exe -x *.go delegate5.9.1.org/rary/file.c delegate5.9.1/rary/file.c
--- delegate5.9.1.org/rary/file.c	Mon Mar 15 18:33:28 1999
+++ delegate5.9.1/rary/file.c	Thu Apr 15 09:56:29 1999
@@ -372,7 +372,7 @@
 			tmpdir = "/tmp";
 	}
 	if( !fileIsdir(tmpdir) )
-		mkdir(tmpdir,0777);
+		mkdir(tmpdir,0775);

 	if( path == NULL )
 		path = pathb;
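Review bot: The result of `mkdir(tmpdir,0775)` is discarded, so a tmpdir that could not be created, or that exists as something other than a directory, is still used by the code after this hunk. The mode passed to mkdir() is also filtered by the process umask, so 0775 is an upper bound rather than the resulting mode. I would test the result, for example `if( mkdir(tmpdir,0775) != 0 && !fileIsdir(tmpdir) )`, and take the function's error path there. The enclosing function starts and ends outside the hunk, so the right error return is not visible here.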
diff -ur -x *.[oa] -x *.exe -x *.go delegate5.9.1.org/resolvy/rescache.c delegate5.9.1/resolvy/rescache.c
--- delegate5.9.1.org/resolvy/rescache.c	Mon Jan 11 03:47:49 1999
+++ delegate5.9.1/resolvy/rescache.c	Thu Apr 15 09:57:43 1999
@@ -65,8 +65,8 @@

 	if( fp == NULL && *mode != 'r' ){
 		mkdir(tmpdir,0755);
-		if( mkdir(cdirs,0777) == 0 ) chmod(cdirs,0777);/*ignore umask*/
-		if( mkdir(cdirg,0777) == 0 ){chmod(cdirg,0777);
+		if( mkdir(cdirs,0775) == 0 ) chmod(cdirs,0775);/*ignore umask*/
+		if( mkdir(cdirg,0775) == 0 ){chmod(cdirg,0775);
 			RES_getconf(conf);
 			sprintf(idfile,"%s/config",cdirg);
 			cfp = fopen(idfile,"w");
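Review bot: The `chmod(cdirs,0775)` and `chmod(cdirg,0775)` calls run only when `mkdir()` returns 0, so cache directories created by an unpatched build keep mode 0777 after upgrading; the same applies to `cdir1` in the @@ -81 hunk. The patch therefore tightens new installations only. I would say so next to the calls, e.g. `/* existing dirs keep their old mode; tighten 0777 dirs from earlier installs by hand */`, and have operators check the ownership and mode of the existing cache tree before restarting. The enclosing block continues outside the hunk.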
@@ -81,7 +81,7 @@
 			fputs(conf,cfp);
 			fclose(cfp);
 		}
-		if( mkdir(cdir1,0777) == 0 ) chmod(cdir1,0777);
+		if( mkdir(cdir1,0775) == 0 ) chmod(cdir1,0775);

 		if( (fp = fopen(cpath,mode)) == NULL ){
 			cache_cantopen = time(0);
@@ -89,7 +89,7 @@
 		}
 	}
 	if( fp != NULL && *mode != 'r' )
-		chmod(cpath,0666);
+		chmod(cpath,0664);

 	return fp;
 }
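Review bot: `chmod(cpath,0664)` acts on the path after `fopen()` has already returned `fp`, so it can land on a different object if the path is replaced in between. That matters most in cache directories that were world-writable before this patch. Where the platform provides it, `fchmod(fileno(fp),0664);` applies the mode to the file that was actually opened. The diff excludes `*.exe`, which suggests non-POSIX builds exist, so the call may need a portability guard. The function begins outside the hunk.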
@@ -184,7 +184,7 @@
 				debug(DBG_FORCE,"CACHE cant del.? %s\n",cpath);
 			if( rename(newpath,cpath) == 0 ){
 				debug(DBG_ANY,"CACHE truncated %s\n",cpath);
-				chmod(cpath,0666);
+				chmod(cpath,0664);
 			}
 			if( unlink(newpath) == 0 )
 				debug(DBG_FORCE,"CACHE salvaged %s\n",newpath);
diff -ur -x *.[oa] -x *.exe -x *.go delegate5.9.1.org/src/cache.c delegate5.9.1/src/cache.c
--- delegate5.9.1.org/src/cache.c	Fri Jul 10 18:22:56 1998
+++ delegate5.9.1/src/cache.c	Thu Apr 15 09:54:02 1999
@@ -174,7 +174,7 @@

 	if( dp = strrchr(file,'/') ){
 		*dp = 0;
-		mkdirR(file,0777);
+		mkdirR(file,0775);
 		*dp = '/';
 	}

@@ -731,7 +731,7 @@
 	fclose(cachefp);

 	if( gotok ){
-		if( renameR(xcpath,cpath,0777) == 0 )
+		if( renameR(xcpath,cpath,0775) == 0 )
 			sv1log("CACHE: got = [%d] %s\n",size,cpath);
 		else	sv1log("CACHE: can't link %s => %s\n",cpath,xcpath);
 	}else{
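Review bot: The literal `0775` is now repeated in `mkdirR`, `renameR` and `linkR` calls across cache.c, delegated.c, editconf.c, log.c, nntp.c and uns.c, which is how the original 0777 ended up scattered. A single definition, for instance `#define DELEGATE_DIRMODE 0775` in a shared header (the name is only a suggestion), would let the permission policy be audited and changed in one place. The enclosing function extends beyond the hunk.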
diff -ur -x *.[oa] -x *.exe -x *.go delegate5.9.1.org/src/delegated.c delegate5.9.1/src/delegated.c
--- delegate5.9.1.org/src/delegated.c	Mon Mar 15 19:18:15 1999
+++ delegate5.9.1/src/delegated.c	Thu Apr 15 09:54:16 1999
@@ -3473,7 +3473,7 @@
 			fprintf(stderr,"WORKDIR=%s\n",wdir);
 	}

-	mkdirR(wdir,0777);
+	mkdirR(wdir,0775);
 	getcwd(cwd,sizeof(cwd));
 	originWD = strdup(cwd);

diff -ur -x *.[oa] -x *.exe -x *.go delegate5.9.1.org/src/editconf.c delegate5.9.1/src/editconf.c
--- delegate5.9.1.org/src/editconf.c	Tue Oct  6 15:51:05 1998
+++ delegate5.9.1/src/editconf.c	Thu Apr 15 09:55:18 1999
@@ -370,7 +370,7 @@
 			fprintf(stderr,"#### %s\n",msg);
 			YesOrNo(stderr,stdin,"#### Create Cachedir",yn);
 			if( yn[0] == 'y' )
-			if( mkdirR(sdir,0777) == 0 ){
+			if( mkdirR(sdir,0775) == 0 ){
 				fprintf(stderr,"#### Created: %s\n",sdir);
 				sv1log("#### CACHEDIR created: %s\n",sdir);
 				return 0;
diff -ur -x *.[oa] -x *.exe -x *.go delegate5.9.1.org/src/log.c delegate5.9.1/src/log.c
--- delegate5.9.1.org/src/log.c	Mon Mar 15 19:39:35 1999
+++ delegate5.9.1/src/log.c	Thu Apr 15 09:55:35 1999
@@ -410,7 +410,7 @@
 loglog("AGEFILE(%x,%s,%s,%s,%s) %d\n",ofp,file,current,mode,tmpdir,was_active);

 	unlink(current);
-	linkR(file,current,0777); /* should use symbolic link ? */
+	linkR(file,current,0775); /* should use symbolic link ? */

 REOPEN:
 	nfp = fopen(file,mode);
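Review bot: The return value of `linkR(file,current,0775)` is ignored right after `unlink(current)`, so a failed link leaves `current` missing with nothing in the log. I would record the failure, e.g. `if( linkR(file,current,0775) != 0 ) loglog("AGEFILE: linkR(%s,%s) failed\n",file,current);`. The second nntp.c hunk (@@ -5295) has the same pattern and logs "LINKED-2" whether or not `linkR` succeeded. The function continues outside the hunk.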
diff -ur -x *.[oa] -x *.exe -x *.go delegate5.9.1.org/src/nntp.c delegate5.9.1/src/nntp.c
--- delegate5.9.1.org/src/nntp.c	Fri Mar  5 17:08:41 1999
+++ delegate5.9.1/src/nntp.c	Thu Apr 15 09:55:57 1999
@@ -5266,7 +5266,7 @@

 	if( 0 < xsize ){
 		sprintf(apath1,"%s#",apath);
-		if( linkR(xapath,apath1,0777) != 0 ){
+		if( linkR(xapath,apath1,0775) != 0 ){
 			sv1log("#### linkR(%s,%s) failed(%d).\n",
 				xapath,apath1,errno);
 			return afp;
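Review bot: `sprintf(apath1,"%s#",apath)` just above the changed line writes without a bound, and the size of `apath1` is not visible in this hunk. If `apath1` is a fixed array, `snprintf(apath1,sizeof(apath1),"%s#",apath);` keeps the write inside it; if it is a pointer, the size has to be passed in instead. The `sprintf(idfile,"%s/config",cdirg)` line in rescache.c (@@ -65) has the same shape. The enclosing function starts before the hunk.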
@@ -5295,7 +5295,7 @@
 	}else{
 		if( xsize == 0 )
 			unlink(xapath);
-		linkR(apath,xapath,0777);
+		linkR(apath,xapath,0775);
 		sv1log("LINKED-2 [%s] from [%s]\n",apath,xapath);
 	}

diff -ur -x *.[oa] -x *.exe -x *.go delegate5.9.1.org/src/uns.c delegate5.9.1/src/uns.c
--- delegate5.9.1.org/src/uns.c	Tue Aug  4 22:41:29 1998
+++ delegate5.9.1/src/uns.c	Thu Apr 15 09:56:11 1999
@@ -165,7 +165,7 @@
 		if( dp = strrpbrk(dir,"/\\") )
 			*dp = 0;
 		if( !fileIsdir(dir) ){
-			mkdirR(dir,0777);
+			mkdirR(dir,0775);
 			if( !fileIsdir(dir) )
 				errlog("bind_un: cannot mkdir %s\n",dir);
 		}
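Review bot: `mkdirR(dir,0775)` still leaves the directory group-writable, and the `bind_un` message suggests it holds a Unix-domain socket. Any member of the owning group can then remove or replace entries in it. Clients need only search permission on the directory to connect, so if the daemon's own uid is the only one that creates sockets there, `mkdirR(dir,0755);` would be enough. Whether other group members must create sockets here is not visible from the hunk, so this should be confirmed against the callers.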

  This patch was posted to delegate ML at Tue, 20 Apr 1999 19:36:02
  JST.  You can see my post at:

<http://www.delegate.org/delegate/ml/archive/081/03>

  Caution: Above URL is written in japanese, ISO-2022-JP encoding.

----
KOJIMA Hajime - Ryukoku University, Seta, Ootsu, Shiga, 520-2194 Japan
[Office] kjm@rins.ryukoku.ac.jp, http://www.st.ryukoku.ac.jp/~kjm/