upgrade to 1.11.11 for security reason

2004-01-02 11:34:40 +00:00 · 2004-01-02 11:34:40 +00:00 · ce7a5bd52c
commit ce7a5bd52c
parent 977212b1bf
6 changed files with 38 additions and 22 deletions
--- a/gnu/dist/cvs/doc/stamp-1
+++ b/gnu/dist/cvs/doc/stamp-1
@ -1,4 +1,4 @@
-@set UPDATED 6 October 2003
-@set UPDATED-MONTH October 2003
-@set EDITION 1.11.10
-@set VERSION 1.11.10
+@set UPDATED 4 December 2003
+@set UPDATED-MONTH December 2003
+@set EDITION 1.11.11
+@set VERSION 1.11.11
--- a/gnu/dist/cvs/doc/stamp-vti
+++ b/gnu/dist/cvs/doc/stamp-vti
@ -1,4 +1,4 @@
-@set UPDATED 18 November 2003
-@set UPDATED-MONTH November 2003
-@set EDITION 1.11.10
-@set VERSION 1.11.10
+@set UPDATED 4 December 2003
+@set UPDATED-MONTH December 2003
+@set EDITION 1.11.11
+@set VERSION 1.11.11
--- a/gnu/dist/cvs/doc/version-client.texi
+++ b/gnu/dist/cvs/doc/version-client.texi
@ -1,4 +1,4 @@
-@set UPDATED 6 October 2003
-@set UPDATED-MONTH October 2003
-@set EDITION 1.11.10
-@set VERSION 1.11.10
+@set UPDATED 4 December 2003
+@set UPDATED-MONTH December 2003
+@set EDITION 1.11.11
+@set VERSION 1.11.11
--- a/gnu/dist/cvs/doc/version.texi
+++ b/gnu/dist/cvs/doc/version.texi
@ -1,4 +1,4 @@
-@set UPDATED 18 November 2003
-@set UPDATED-MONTH November 2003
-@set EDITION 1.11.10
-@set VERSION 1.11.10
+@set UPDATED 4 December 2003
+@set UPDATED-MONTH December 2003
+@set EDITION 1.11.11
+@set VERSION 1.11.11
--- a/gnu/dist/cvs/src/run.c
+++ b/gnu/dist/cvs/src/run.c
@ -462,7 +462,7 @@ close_on_exec (fd)
     int fd;
 {
 #ifdef F_SETFD
-    if (fcntl (fd, F_SETFD, 1))
+    if (fcntl (fd, F_SETFD, 1) == -1)
 	error (1, errno, "can't set close-on-exec flag on %d", fd);
 #endif
 }
--- a/gnu/dist/cvs/src/server.c
+++ b/gnu/dist/cvs/src/server.c
@ -4409,6 +4409,7 @@ template_proc (repository, template)
 	    return 1;
 	}
    }
+    buf_send_counted (protocol);
    if (fclose (fp) < 0)
 	error (0, errno, "cannot close rcsinfo template file %s", template);
    return 0;
@ -5125,10 +5126,11 @@ error ENOMEM Virtual memory exhausted.\n");


 #if defined (HAVE_KERBEROS) || defined (AUTH_SERVER_SUPPORT) || defined (HAVE_GSSAPI)
-static void switch_to_user PROTO((const char *));
+static void switch_to_user PROTO((const char *, const char *));

 static void
-switch_to_user (username)
+switch_to_user (cvs_username, username)
+    const char *cvs_username; /* Only used for error messages. */
    const char *username;
 {
    struct passwd *pw;
@ -5146,6 +5148,20 @@ error 0 %s: no such system user\n", username);
 	error_exit ();
    }

+    if (pw->pw_uid == 0)
+    {
+#ifdef HAVE_SYSLOG_H
+	    /* FIXME: Can the IP address of the connecting client be retrieved
+	     * and printed here?
+	     */
+	    syslog (LOG_DAEMON | LOG_ALERT,
+		    "attempt to root from account: %s", cvs_username
+		   );
+#endif
+        printf("error 0: root not allowed\n");
+        error_exit ();
+    }
+
 #if HAVE_INITGROUPS
    if (initgroups (pw->pw_name, pw->pw_gid) < 0
 #  ifdef EPERM
@ -5751,7 +5767,7 @@ pserver_authenticate_connection ()
    strcpy (Pserver_Repos, repository);

    /* Switch to run as this user. */
-    switch_to_user (host_user);
+    switch_to_user (username, host_user);
    free (host_user);
    free (tmp);
    free (repository);
@ -5834,7 +5850,7 @@ error 0 kerberos: can't get local name: %s\n", krb_get_err_text(status));
    }

    /* Switch to run as this user. */
-    switch_to_user (user);
+    switch_to_user (user, user);
 }
 #endif /* HAVE_KERBEROS */

@ -5946,7 +5962,7 @@ gserver_authenticate_connection ()
 	    error (1, errno, "fwrite failed");
    }

-    switch_to_user (buf);
+    switch_to_user ("GSSAPI", buf);

    printf ("I LOVE YOU\n");
    fflush (stdout);