APPLOGIES:
It has been a while since I've participated in any mdk devel, or for
that matter cooker, so I was not sure who maitained this software (I
know Yoann is busy with prelude), and it's package maintainer anymore,
thus why I'm sending this info here. 

 Below is a patch for msec, which adds a new function find_lib(). The
previous way of checking a single source location is/was a "BAD" idea (had to
find out the hard way during BUS dev : p). Specifically, if a user
compiles libsafe on their own, vs. using your binary, the lib might be anywhere.
So, the function searches the primary lib dirs, and then continues on with
the normal flow (found? Ask; Not found? Don't ask).
 This should actually be futher implemented to binaries on the machine.
Also, this patch adds level 3 on as a true for RootSshLogin (). Level
three was designed to be the safe medium, with the other two levels
below and above, extremes. Allowing root login is not within a safe
medium. 
 Last note, the ctools and ntools scheme doesn't work (at least not the
way it should). Thus, why it was included in the TODO (by me). Either
the implemention needs to be reworked regarding that whole perm scheme,
or it needs to be reverted back to how it originally was. I was going to
attend to this today, instead of noting about it, but I have to go for
now : )


Cheers

--__Begin__PATCH__--

diff -urN msec-0.18/init-sh/custom.sh msec/init-sh/custom.sh
--- msec-0.18/init-sh/custom.sh Sat Dec  1 23:55:23 2001
+++ msec/init-sh/custom.sh      Mon Jan 28 11:26:49 2002
@@ -81,7 +81,8 @@
 fi
 ###
 
-if [[ -f /lib/libsafe.so.2 ]]; then
+find_lib libsafe.so.2
+if [[ ${FE} == true ]]; then
 echo "Do you want to enable the libsafe stack overflow protection ?"
 echo "This stack overflow protection work by catching dangerous function call"
 echo "like strcpy, strcat, getwd, gets, [vf]scanf, realpath, [v]sprintf"
@@ -90,7 +91,7 @@
 echo "destination address, and by substracting the frame address to the destination 
buffer one" 
 WaitAnswer; clear
 if [[ ${answer} == yes ]]; then
-       AddRules "/lib/libsafe.so.2" /etc/ld.so.preload
+       AddRules ${f_lib} /etc/ld.so.preload
 fi
 fi
 
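Review bot: The path handed to `AddRules ${f_lib} /etc/ld.so.preload` now comes from a search that includes /usr/local/lib/, and nothing visible in this hunk checks who owns or can write that file. Every entry in /etc/ld.so.preload is loaded into each dynamically linked process, setuid programs included, so the script should confirm the located file is root-owned and not group- or world-writable before offering to add it. A short comment stating that requirement belongs above the call. The expansion should also be quoted: `AddRules "${f_lib}" /etc/ld.so.preload`.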
diff -urN msec-0.18/init-sh/lib.sh msec/init-sh/lib.sh
--- msec-0.18/init-sh/lib.sh    Thu Jan 17 11:22:55 2002
+++ msec/init-sh/lib.sh Mon Jan 28 11:35:35 2002
@@ -299,7 +299,7 @@
 
 RootSshLogin () {
        echo -n "Setting up the root ssh login : "
-       if [[ $1 == 4 || $1 == 5 || $1 == snf ]]; then
+       if [[ $1 == 3 || $1 == 4 || $1 == 5 || $1 == snf ]]; then
                /bin/sed 's/PermitRootLogin yes/PermitRootLogin no/' < 
/etc/ssh/sshd_config > /etc/ssh/sshd_config.new
                mv /etc/ssh/sshd_config.new /etc/ssh/sshd_config
                chmod 0600 /etc/ssh/sshd_config
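Review bot: Level 3 now depends on the `sed 's/PermitRootLogin yes/PermitRootLogin no/'` substitution, which only rewrites a line that literally reads `PermitRootLogin yes`. If the directive is absent, commented out, or set to another value such as `without-password`, sshd_config is left unchanged and the "safe medium" level may still permit root login. Matching the whole directive, with something like `/bin/sed 's/^[#[:space:]]*PermitRootLogin.*/PermitRootLogin no/'`, would cover the commented and alternate-value cases, though a missing directive would still need to be appended. RootSshLogin's body continues past the end of this hunk, so any later handling is not visible here.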
@@ -337,6 +337,27 @@
        fi
 }
 
+
+# Safer way to find libs to be appended to to ld.so.preload (e.g., libsafe) 
+find_lib() {
+                export FE=NULL
+                declare -a spath
+                spath=("/lib/" "/usr/lib/" "/usr/local/lib/")
+                for i in ${spath[@]}
+do
+                if [[ -f ${i}${1} ]]
+                then
+                                export f_lib=${i}${1}
+                                export FE=true
+                                break
+                else
+                                export FE=false
+                                break
+                fi
+done
+}
+
+
 # If we are currently installing our
 # system with DrakX, we don't ask anything to the user...
 # Instead, DrakX does it and gives us a file with some variables.
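Review bot: find_lib only ever tests /lib/, because the `else` arm sets `FE=false` and then runs `break`, so the loop exits at the first directory that lacks the file and never reaches /usr/lib/ or /usr/local/lib/. Set the not-found state before the loop and drop the `else` arm, as sketched below. Clearing `f_lib` at the same point keeps a path from an earlier call from surviving a failed lookup. The loop should iterate over `"${spath[@]}"` with the `-f` operand quoted, and the header comment could say that results are returned through the globals FE and f_lib. The identical copy added to lib.sh.usermode in the later hunk needs the same fix.

```shell
find_lib() {
        # Not found until a directory proves otherwise; also clear any
        # path left over from an earlier call.
        export FE=false
        export f_lib=
        # … unchanged: spath declaration …
        for i in "${spath[@]}"
        do
                if [[ -f "${i}${1}" ]]
                then
                        # … unchanged: export f_lib / FE=true, break …
                fi      # no else arm: keep scanning the remaining directories
        done
}
```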
@@ -403,7 +424,6 @@
 groupadd -g 33 ntools >& /dev/null
 groupadd -g 34 ctools >& /dev/null
 groupadd -g 81 audio >& /dev/null
-
 usermod -G xgrp xfs
 
 /usr/share/msec/grpuser.sh --clean
diff -urN msec-0.18/init-sh/lib.sh.usermode msec/init-sh/lib.sh.usermode
--- msec-0.18/init-sh/lib.sh.usermode   Thu Jan 17 11:22:55 2002
+++ msec/init-sh/lib.sh.usermode        Mon Jan 28 11:35:58 2002
@@ -301,6 +301,29 @@
 }
 

+
+# Safer way to find libs to be appended to to ld.so.preload (e.g., libsafe)
+find_lib() {
+                export FE=NULL
+                declare -a spath
+                spath=("/lib/" "/usr/lib/" "/usr/local/lib/")
+                for i in ${spath[@]}
+do
+                if [[ -f ${i}${1} ]]
+                then
+                                export f_lib=${i}${1}
+                                export FE=true
+                                break
+                else
+                                export FE=false
+                                break
+                fi
+done
+}
+
+
+
+
 # If we are currently installing our
 # system with DrakX, we don't ask anything to the user...
 # Instead, DrakX does it and gives us a file with some variables.
@@ -348,7 +371,6 @@
 groupadd -g 33 ntools >& /dev/null
 groupadd -g 34 ctools >& /dev/null
 groupadd -g 81 audio >& /dev/null
-
 usermod -G xgrp xfs
 
 /usr/share/msec/grpuser.sh --clean

---___END_PATCH___---


-- 
Bryan Paxton
Public PGP key: http://www.deadhorse.net/bpaxton.gpg

"Winning gives birth to hostility. Losing, one lies down in pain. The
calmed lie down with ease, having set winning & losing aside." -- Dhp.
201 
