Hi, I am not sure how to go about submitting patches for this project. I have put together a simple access control list for scmbugd to help increase security.
This might help with http://bugzilla.mkgnu.net/show_bug.cgi?id=78 I can't attach it to the bug since it appears there is no way to create an account there and I am pretty sure the list doesn't take attachments. I will paste it inline but if it is messed up, email me directly and I can send a patch if you are interested. =========== Begin Patch ========== --- /usr/share/scmbug/lib/Scmbug/Daemon/Daemon.pm 2010-03-08 08:45:42.000000000 -0700 +++ Daemon/Daemon.pm 2010-05-20 16:20:37.000000000 -0600 @@ -554,7 +554,12 @@ # This is the parent return; } - + + # Reject connections from untrusted hosts + unless(grep {$_ eq $connection_ip_address } @{$daemon_configuration->{allow_list}}){ + log_fatal_error( undef, "Connection from $connection_ip_address - $connection_host_name refused\n"); + } + # This is the child. open( STDIN, "<&Client") or log_fatal_error( $COMMON_ERROR_CANNOT_OPEN_FILE, "can't dup client to stdin\n" ); open( STDOUT, ">&Client") or log_fatal_error( $COMMON_ERROR_CANNOT_OPEN_FILE, "can't dup client to stdout\n" ); @@ -646,6 +651,11 @@ # sub connection_handler_thread { my ( $socket, $connection_host_name, $connection_ip_address, $connection_port ) = ( @_ ); + + # Reject connections from untrusted hosts + unless(grep {$_ eq $connection_ip_address } @{$daemon_configuration->{allow_list}}){ + log_fatal_error( undef, "Connection from $connection_ip_address - $connection_host_name refused\n"); + } # Received request my $request; --- /home/ghendricks/src/SCMBUG_RELEASE_0-26-17/src/daemon/etc/daemon.conf.template 2010-05-20 14:07:49.000000000 -0600 +++ ../../daemon/etc/daemon.conf.template 2010-05-20 16:23:12.000000000 -0600 
@@ -19,7 +19,11 @@ # Pid file the daemon will use daemon_pidfile => "/var/run/scmbug_daemon.pid", - + + # Allowed IP addresses + allow_list => [ + '127.0.0.1' + ], # # Execution mode of the daemon. There are 3 options: # ============= END PATCH ============ ++Greg _______________________________________________ scmbug-users mailing list [email protected] http://lists.mkgnu.net/cgi-bin/mailman/listinfo/scmbug-users
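Review bot: In the @@ -554 hunk of Daemon.pm, the refusal calls log_fatal_error( undef, ... ) while the two calls directly below it pass $COMMON_ERROR_CANNOT_OPEN_FILE; pass a defined error code here as well (a dedicated one for refused connections would fit) so this path is reported like the other fatal paths. The test also dereferences $daemon_configuration->{allow_list} without checking that the key is present, so a daemon.conf written before this change has no list to match against. Check for a missing or empty allow_list explicitly and decide whether that case means allow all or deny all.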
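Review bot: In the @@ -646 hunk, connection_handler_thread refuses an untrusted host through log_fatal_error, and nothing in the added lines closes $socket or returns from the thread. If log_fatal_error ends the process, which is what the forked child in the first hunk relies on, then in threaded mode a single connection from an address outside allow_list would stop the daemon for every client; log the refusal, close $socket and return from the handler instead. The unless(grep {...}) test is also a verbatim copy of the one in the first hunk, so move it into one helper that both connection paths call.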
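Review bot: In the daemon.conf.template hunk, the comment "# Allowed IP addresses" does not document how entries are matched. The code compares each entry to $connection_ip_address with eq, so only an exact address string matches; say so in the comment, and state that with the shipped default of '127.0.0.1' only local connections are accepted, so every remote SCM host has to be listed before the daemon will serve it.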
