smeserver-vacation/contribs9/smeserver-vacation-1.1-bz9073-race.condition.vulnarability.patch

diff -Nur smeserver-vacation-1.1.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/uservacations.pm smeserver-vacation-1.1/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/uservacations.pm
--- smeserver-vacation-1.1.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/uservacations.pm        2017-01-16 16:12:48.728000000 -0500
+++ smeserver-vacation-1.1/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/uservacations.pm    2017-01-16 16:32:49.593000000 -0500
@@ -414,14 +414,33 @@
     $vacation_text =~ s/\r//g;
 
     unlink $vfile;
+    # for the next lines to avoid race condition vulnerability, we switch the effective user to 
+    # the one needed see SME #9073 . Those 4 lines are for explanation of the used variables.
+    #$< - real user id (uid); unique value
+    #$> - effective user id (euid); unique value
+    #$( - real group id (gid); list (separated by spaces) of groups
+    #$) - effective group id (egid); list (separated by spaces) of groups
+
+    # remember the UID of the user currently running this script
+    my $original_uid = $>;
+    my $original_gid = $);
+
+    # switch effective UID running this script to $user
+    # in order to prevent race condition vulnerability
+    my $uid = getpwnam($user) or die "Could not get UID for $user\n";
+    my $gid = getgrnam($user) or die "Could not get GID for $user\n";
+    $) = $gid;# should be switched first while still root!
+    $> = $uid;
+
     open (VACATION, ">$vfile")
       or die ("Error opening vacation message.\n");
 
     print VACATION "$vacation_text";
     close VACATION;
 
-    esmith::util::chownFile($user, $user,
-    "/home/e-smith/files/users/$user/.vacation.msg");
+    # switch effective UID and GID back to original user
+    $> = $original_uid;
+    $) = $original_gid;
 
     $adb->set_prop($user, 'EmailVacation', $EmailVacation);
     $adb->set_prop($user, 'EmailVacationFrom', $EmailVacationFrom);
1	unnilennium	1.1	diff -Nur smeserver-vacation-1.1.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/uservacations.pm smeserver-vacation-1.1/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/uservacations.pm
2			--- smeserver-vacation-1.1.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/uservacations.pm 2017-01-16 16:12:48.728000000 -0500
3			+++ smeserver-vacation-1.1/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/uservacations.pm 2017-01-16 16:32:49.593000000 -0500
4			@@ -414,14 +414,33 @@
5			$vacation_text =~ s/\r//g;
6
7			unlink $vfile;
8			+ # for the next lines to avoid race condition vulnerability, we switch the effective user to
9			+ # the one needed see SME #9073 . Those 4 lines are for explanation of the used variables.
10			+ #$< - real user id (uid); unique value
11			+ #$> - effective user id (euid); unique value
12			+ #$( - real group id (gid); list (separated by spaces) of groups
13			+ #$) - effective group id (egid); list (separated by spaces) of groups
14			+
15			+ # remember the UID of the user currently running this script
16			+ my $original_uid = $>;
17			+ my $original_gid = $);
18			+
19			+ # switch effective UID running this script to $user
20			+ # in order to prevent race condition vulnerability
21			+ my $uid = getpwnam($user) or die "Could not get UID for $user\n";
22			+ my $gid = getgrnam($user) or die "Could not get GID for $user\n";
23			+ $) = $gid;# should be switched first while still root!
24			+ $> = $uid;
25			+
26			open (VACATION, ">$vfile")
27			or die ("Error opening vacation message.\n");
28
29			print VACATION "$vacation_text";
30			close VACATION;
31
32			- esmith::util::chownFile($user, $user,
33			- "/home/e-smith/files/users/$user/.vacation.msg");
34			+ # switch effective UID and GID back to original user
35			+ $> = $original_uid;
36			+ $) = $original_gid;
37
38			$adb->set_prop($user, 'EmailVacation', $EmailVacation);
39			$adb->set_prop($user, 'EmailVacationFrom', $EmailVacationFrom);