/[smecontribs]/rpms/smeserver-tw-logonscript/contribs7/smeserver-tw-logonscript-1.3-SecurityFixBatchEdit.patch
ViewVC logotype

Annotation of /rpms/smeserver-tw-logonscript/contribs7/smeserver-tw-logonscript-1.3-SecurityFixBatchEdit.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Wed Nov 4 00:42:53 2009 UTC (15 years ago) by chriscosta
Branch: MAIN
CVS Tags: smeserver-tw-logonscript-1_3-12_el4_sme, smeserver-tw-logonscript-1_3-9_el4_sme, smeserver-tw-logonscript-1_3-19_el4_sme, smeserver-tw-logonscript-1_3-20_el4_sme, smeserver-tw-logonscript-1_3-15_el4_sme, smeserver-tw-logonscript-1_3-17_el4_sme, smeserver-tw-logonscript-1_3-14_el4_sme, smeserver-tw-logonscript-1_3-11_el4_sme, smeserver-tw-logonscript-1_3-16_el4_sme, smeserver-tw-logonscript-1_3-13_el4_sme, smeserver-tw-logonscript-1_3-10_el4_sme, HEAD
Batch file security fix

1 chriscosta 1.1 --- smeserver-tw-logonscript-1.3/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/ibayletters.pm.SecurityFixBatchEdit 2009-10-29 11:21:00.000000000 +1300
2     +++ smeserver-tw-logonscript-1.3/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/ibayletters.pm 2009-11-04 13:30:35.000000000 +1300
3     @@ -20,7 +20,7 @@
4     use CGI::Carp qw(fatalsToBrowser) ;
5     use Data::Dumper;
6     our @ISA = qw(esmith::FormMagick Exporter);
7     -
8     +use CGI::Carp qw(warningsToBrowser fatalsToBrowser);
9     our @EXPORT = qw(
10     print_ibay_table
11     wherenext
12     @@ -190,6 +190,18 @@
13     $group_name = $1;
14     }
15    
16     + if(!getgrnam($group_name)){
17     + my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
18     + open LOG, ">>/var/log/netlogon_error.log";
19     + print LOG ($year+1900)."-$mon-$mday at $hour:$min:$sec someone tried to create arbritrary files. Details below:\n";
20     + foreach my $key (sort(keys(%ENV))) {
21     + print LOG "$key = $ENV{$key}\n";
22     + }
23     + print LOG "----------------------------------------------\n";
24     + die('hacking attempt');
25     + }
26     +
27     +
28     my $batchfileName = "/home/e-smith/files/samba/netlogon/custom/$group_name.bat";
29    
30    

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed