/[smecontribs]/rpms/smeserver-tw-logonscript/contribs7/smeserver-tw-logonscript-1.3-SecurityFixBatchEdit.patch
ViewVC logotype

Contents of /rpms/smeserver-tw-logonscript/contribs7/smeserver-tw-logonscript-1.3-SecurityFixBatchEdit.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (show annotations) (download)
Wed Nov 4 00:42:53 2009 UTC (15 years ago) by chriscosta
Branch: MAIN
CVS Tags: smeserver-tw-logonscript-1_3-12_el4_sme, smeserver-tw-logonscript-1_3-9_el4_sme, smeserver-tw-logonscript-1_3-19_el4_sme, smeserver-tw-logonscript-1_3-20_el4_sme, smeserver-tw-logonscript-1_3-15_el4_sme, smeserver-tw-logonscript-1_3-17_el4_sme, smeserver-tw-logonscript-1_3-14_el4_sme, smeserver-tw-logonscript-1_3-11_el4_sme, smeserver-tw-logonscript-1_3-16_el4_sme, smeserver-tw-logonscript-1_3-13_el4_sme, smeserver-tw-logonscript-1_3-10_el4_sme, HEAD
Batch file security fix

1 --- smeserver-tw-logonscript-1.3/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/ibayletters.pm.SecurityFixBatchEdit 2009-10-29 11:21:00.000000000 +1300
2 +++ smeserver-tw-logonscript-1.3/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/ibayletters.pm 2009-11-04 13:30:35.000000000 +1300
3 @@ -20,7 +20,7 @@
4 use CGI::Carp qw(fatalsToBrowser) ;
5 use Data::Dumper;
6 our @ISA = qw(esmith::FormMagick Exporter);
7 -
8 +use CGI::Carp qw(warningsToBrowser fatalsToBrowser);
9 our @EXPORT = qw(
10 print_ibay_table
11 wherenext
12 @@ -190,6 +190,18 @@
13 $group_name = $1;
14 }
15
16 + if(!getgrnam($group_name)){
17 + my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
18 + open LOG, ">>/var/log/netlogon_error.log";
19 + print LOG ($year+1900)."-$mon-$mday at $hour:$min:$sec someone tried to create arbritrary files. Details below:\n";
20 + foreach my $key (sort(keys(%ENV))) {
21 + print LOG "$key = $ENV{$key}\n";
22 + }
23 + print LOG "----------------------------------------------\n";
24 + die('hacking attempt');
25 + }
26 +
27 +
28 my $batchfileName = "/home/e-smith/files/samba/netlogon/custom/$group_name.bat";
29
30

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed