On Sun, 26 Jun 2011 13:26:11 +0200 Elias Oltmanns <e...@nebensachen.de> wrote:
I fail to see why the maintenance script should leak passwords? Can you provide a scenario in which the password would be leaked? > --- > contrib/dspam_maintenance/dspam_maintenance.sh | 20 +++++++++++--------- > 1 files changed, 11 insertions(+), 9 deletions(-) > > diff --git a/contrib/dspam_maintenance/dspam_maintenance.sh > b/contrib/dspam_maintenance/dspam_maintenance.sh > index a82097a..5812a6d 100755 > --- a/contrib/dspam_maintenance/dspam_maintenance.sh > +++ b/contrib/dspam_maintenance/dspam_maintenance.sh > @@ -25,6 +25,7 @@ > ### > > DSPAM_CONFIGDIR="" > +INCLUDE_DIRS="" > DSPAM_HOMEDIR="" > DSPAM_PURGE_SCRIPT_DIR="" > DSPAM_BIN_DIR="" > @@ -191,8 +192,6 @@ check_for_tool() { > # > read_dspam_params() { > local PARAMETER VALUE > - local INCLUDE_DIRS > - INCLUDE_DIRS=$(awk "BEGIN { IGNORECASE=1; } \$1==\"Include\" { print > \$2 \"/*.conf\"; }" "${DSPAM_CONFIGDIR}/dspam.conf" 2>/dev/null) > for PARAMETER in $@ ; do > VALUE=$(awk "BEGIN { IGNORECASE=1; } \$1==\"${PARAMETER}\" { > print \$2; exit; }" "${DSPAM_CONFIGDIR}/dspam.conf" ${INCLUDE_DIRS[@]} > 2>/dev/null) > [ ${?} = 0 ] || return 1 > @@ -328,7 +327,8 @@ clean_mysql_drv() { > > # Construct mysql command line > echo "[client]">"${DSPAM_CRON_TMPFILE}" > - if ( echo ${MySQLPass} 2>&1 | grep -q '#\|\\\\\|\"\|\$' ) > + MySQLQuotePass="" > + if [ "${MySQLPass}" != "${MySQLPass/[#\\\"\$]/}" ] > then > if [ "${DSPAM_MySQL_INT}" -lt "262160" ] > then 
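Review bot: The rewritten test in clean_mysql_drv still expands `${MySQLPass}`, so on the MySQL path the password is still read into a shell variable, while the PgSQL hunk further down drops `PgSQLPass${PROFILE}` from its `read_dspam_params` call; the two drivers end up handling the secret differently. `${MySQLPass/[#\\\"\$]/}` is also a bash-only pattern substitution, whereas the `grep` it replaces did not depend on the shell; the shebang is not visible here, so that needs confirming. The context line `echo "[client]">"${DSPAM_CRON_TMPFILE}"` creates the file that will hold the password, and the hunk does not show how that path is chosen or which umask is in effect. Once verified, I would add a comment next to it such as `# DSPAM_CRON_TMPFILE holds the DB password: create it with mktemp and mode 0600`. clean_mysql_drv starts and ends outside this hunk.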
> @@ -337,13 +337,13 @@ clean_mysql_drv() { > echo " You will most likely have an > authentication issue/failure with the" > echo " currently used MySQL DSPAM > password and your current MySQL version." > fi > - echo > "password=${MySQLPass}">>"${DSPAM_CRON_TMPFILE}" > else > - echo > "password='${MySQLPass}'">>"${DSPAM_CRON_TMPFILE}" > + MySQLQuotePass="'" > fi > - else > - echo "password=${MySQLPass}">>"${DSPAM_CRON_TMPFILE}" > fi > + echo -n "password=${MySQLQuotePass}">>"${DSPAM_CRON_TMPFILE}" > + awk "BEGIN { IGNORECASE=1; ORS=\"\"; } > \$1==\"MySQLPass${PROFILE}\" { gsub(\"^\\\"|\\\"$\", \"\", \$2); print \$2 > >>\"${DSPAM_CRON_TMPFILE}\"; exit; }" "${DSPAM_CONFIGDIR}/dspam.conf" > ${INCLUDE_DIRS[@]} 2>/dev/null > + echo "${MySQLQuotePass}">>"${DSPAM_CRON_TMPFILE}" > DSPAM_MySQL_CMD="${MYSQL_BIN_DIR}/mysql" > DSPAM_MySQL_CMD="${DSPAM_MySQL_CMD} > --defaults-file=${DSPAM_CRON_TMPFILE}" > DSPAM_MySQL_CMD="${DSPAM_MySQL_CMD} --silent" > @@ -400,7 +400,7 @@ clean_pgsql_drv() { > # > [ "${VERBOSE}" = "true" ] && echo "Running PostgreSQL storage driver > data cleanup" > if [ "${USE_SQL_PURGE}" = "true" ] && \ > - read_dspam_params PgSQLServer${PROFILE} PgSQLPort${PROFILE} > PgSQLUser${PROFILE} PgSQLPass${PROFILE} PgSQLDb${PROFILE} && \ > + read_dspam_params PgSQLServer${PROFILE} PgSQLPort${PROFILE} > PgSQLUser${PROFILE} PgSQLDb${PROFILE} && \ > [ -n "${PgSQLServer}" -a -n "${PgSQLUser}" -a -n "${PgSQLDb}" ] > then > for foo in ${PGSQL_BIN_DIR} /usr/bin /usr/local/bin /usr/sbin > /usr/local/sbin 
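Review bot: The new awk call that appends the MySQL password has no success check: with `2>/dev/null` and no test of its exit status, a missing `MySQLPass${PROFILE}` entry or an unreadable config leaves an empty `password=` in the defaults file and the script carries on, whereas `read_dspam_params` at least tests awk's status with `[ ${?} = 0 ] || return 1`. The awk program is also built inside a double-quoted shell string, so `${PROFILE}` and `${DSPAM_CRON_TMPFILE}` become awk source text; passing them with `-v` keeps data out of the program. Both points apply equally to the PgSQL awk call in the `@@ -486,7 +486,8 @@` hunk. clean_mysql_drv continues outside this hunk, so whether `return 1` is the right failure path (and whether the temp file is cleaned up on it) needs confirming.

```shell
echo -n "password=${MySQLQuotePass}">>"${DSPAM_CRON_TMPFILE}"
# Values are passed with -v so they are never parsed as awk source;
# END turns "no matching entry" into a non-zero exit status.
awk -v key="MySQLPass${PROFILE}" -v out="${DSPAM_CRON_TMPFILE}" '
  BEGIN { IGNORECASE = 1; ORS = ""; found = 0 }
  $1 == key { gsub(/^"|"$/, "", $2); print $2 >> out; found = 1; exit }
  END { exit !found }
' "${DSPAM_CONFIGDIR}/dspam.conf" ${INCLUDE_DIRS[@]} 2>/dev/null || return 1
# … unchanged: closing-quote echo and DSPAM_MySQL_CMD setup …
```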
> @@ -486,7 +486,8 @@ clean_pgsql_drv() { > fi > > # Construct psql command line > - echo > "*:*:${PgSQLDb}:${PgSQLUser}:${PgSQLPass}">"${DSPAM_CRON_TMPFILE}" > + echo -n "*:*:${PgSQLDb}:${PgSQLUser}:">"${DSPAM_CRON_TMPFILE}" > + awk "BEGIN { IGNORECASE=1; } \$1==\"PgSQLPass${PROFILE}\" { > gsub(\"^\\\"|\\\"$\", \"\", \$2); print \$2 >>\"${DSPAM_CRON_TMPFILE}\"; > exit; }" "${DSPAM_CONFIGDIR}/dspam.conf" ${INCLUDE_DIRS[@]} 2>/dev/null > DSPAM_PgSQL_CMD="${PGSQL_BIN_DIR}/psql -q -U ${PgSQLUser} -h > ${PgSQLServer} -d ${PgSQLDb}" > [ -n "${PgSQLPort}" ] && > DSPAM_PgSQL_CMD="${DSPAM_PgSQL_CMD} -p ${PgSQLPort}" 
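Review bot: The PgSQL password is appended to the pgpass-format file verbatim, but that format uses `:` as the field separator and `\` as the escape character, so a password containing either would be misread by the client library. The awk action should escape both before printing; written as plain awk source that is `gsub(/[\\:]/, "\\\\&", $2)` placed after the quote-stripping `gsub`. The `${PgSQLDb}` and `${PgSQLUser}` fields written by the `echo -n` presumably need the same treatment. `echo -n` itself is not portable across shells; `printf '*:*:%s:%s:' "${PgSQLDb}" "${PgSQLUser}" >"${DSPAM_CRON_TMPFILE}"` does the same job predictably. clean_pgsql_drv starts and ends outside this hunk.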
> @@ -1027,6 +1028,7 @@ if ( set -o noclobber; echo "$$" > > "${DSPAM_CRON_LOCKFILE}") 2> /dev/null; then > [ "${VERBOSE}" = "true" ] && echo "dspam.conf not found! Can > not continue without it." > exit 2 > fi > + INCLUDE_DIRS=$(awk "BEGIN { IGNORECASE=1; } \$1==\"Include\" { print > \$2 \"/*.conf\"; }" "${DSPAM_CONFIGDIR}/dspam.conf" 2>/dev/null) > > > # > -- > 1.6.3.3 > > > ------------------------------------------------------------------------------ > All of the data generated in your IT infrastructure is seriously valuable. > Why? It contains a definitive record of application performance, security > threats, fraudulent activity, and more. Splunk takes this data and makes > sense of it. IT sense. And common sense. > http://p.sf.net/sfu/splunk-d2d-c2 > _______________________________________________ > Dspam-devel mailing list > Dspam-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/dspam-devel > ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 _______________________________________________ Dspam-devel mailing list Dspam-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspam-devel
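Review bot: `INCLUDE_DIRS` is assigned as a plain string of glob patterns, but every use site expands it unquoted as `${INCLUDE_DIRS[@]}`, so it depends on word splitting and pathname expansion at each call. An `Include` path containing whitespace is split, and a directory with no `*.conf` files hands the literal pattern to awk, whose error is hidden by `2>/dev/null`. Now that the value is global and set only here, any `read_dspam_params` call that runs before this line would silently skip the included files; the call order is not visible in this hunk. A comment on the assignment would help, e.g. `# Space-separated globs for Include dirs; expanded unquoted on purpose, must be set before any config lookup`. The enclosing `if ( set -o noclobber; … )` block continues outside the hunk.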