[LON-CAPA-cvs] cvs: loncom / lond

foxr lon-capa-cvs@mail.lon-capa.org
Tue, 07 Sep 2004 10:05:23 -0000


foxr		Tue Sep  7 06:05:23 2004 EDT

  Modified files:              
    /loncom	lond 
  Log:
  1. Close a minor security issue in du request - prevent bad boys from
     adding stuff to the directory for execution.
  2. Do a bit of proof reading and commenting as appropriate.
   
  
  Much much more proof-reading/inspection left to do.
  
  
Index: loncom/lond
diff -u loncom/lond:1.248 loncom/lond:1.249
--- loncom/lond:1.248	Fri Sep  3 06:13:59 2004
+++ loncom/lond	Tue Sep  7 06:05:23 2004
@@ -2,7 +2,7 @@
 # The LearningOnline Network
 # lond "LON Daemon" Server (port "LOND" 5663)
 #
-# $Id: lond,v 1.248 2004/09/03 10:13:59 foxr Exp $
+# $Id: lond,v 1.249 2004/09/07 10:05:23 foxr Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -57,7 +57,7 @@
 my $status='';
 my $lastlog='';
 
-my $VERSION='$Revision: 1.248 $'; #' stupid emacs
+my $VERSION='$Revision: 1.249 $'; #' stupid emacs
 my $remoteVERSION;
 my $currenthostid="default";
 my $currentdomainid;
@@ -1306,9 +1306,27 @@
 	&Failure($client,"refused\n","$cmd:$ududir");
 	return 1;
     }
-    my $duout = `du -ks $ududir 2>/dev/null`;
-    $duout=~s/[^\d]//g; #preserve only the numbers
-    &Reply($client,"$duout\n","$cmd:$ududir");
+    #  Since $ududir could have some nasties in it,
+    #  we will require that ududir is a valid
+    #  directory.  Just in case someone tries to
+    #  slip us a  line like .;(cd /home/httpd rm -rf*)
+    #  etc.
+    #
+    if (-d $ududir) {
+	#  And as Shakespeare would say to make
+	#  assurance double sure, quote the $ududir
+	#  This is in case someone manages to first
+	#  e.g. fabricate a valid directory with a ';'
+	#  in it.  Quoting the dir will help
+	#  keep $ududir completely interpreted as a 
+	#  directory.
+	# 
+	my $duout = `du -ks "$ududir" 2>/dev/null`;
+	$duout=~s/[^\d]//g; #preserve only the numbers
+	&Reply($client,"$duout\n","$cmd:$ududir");
+    } else {
+	&Failure($client, "bad_directory:$ududir", $userinput);
+    }
     return 1;
 }
 &register_handler("du", \&du_handler, 0, 1, 0);
@@ -1370,7 +1388,7 @@
 	$ulsout='no_such_dir';
     }
     if ($ulsout eq '') { $ulsout='empty'; }
-    print $client "$ulsout\n";
+    &Reply($client, "$ulsout\n", $userinput); # This supports debug logging.
     
     return 1;
 
@@ -4989,7 +5007,8 @@
     # At the end of this function. I'll ensure that it's not still that
     # value so we don't just wind up returning some accidental value
     # as a result of executing an unforseen code path that
-    # did not set $validated.
+    # did not set $validated.  At the end of valid execution paths,
+    # validated shoule be 1 for success or 0 for failuer.
 
     my $validated = -3.14159;
 
@@ -5077,7 +5096,11 @@
     #
 
     unless ($validated != -3.14159) {
-	die "ValidateUser - failed to set the value of validated";
+	#  I >really really< want to know if this happens.
+	#  since it indicates that user authentication is badly
+	#  broken in some code path.
+        #
+	die "ValidateUser - failed to set the value of validated $domain, $user $password";
     }
     return $validated;
 }
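Review bot: The new die message interpolates `$password`, so a cleartext credential ends up wherever lond's fatal errors are captured (log files, mail, a console), which is a worse problem than the bug it is meant to diagnose; the domain and user are enough to identify the failing code path. Change it to `die "ValidateUser - failed to set the value of validated for $user\@$domain";` and keep the password out of all diagnostics. While here, `unless ($validated != -3.14159)` on the context line is a double negative; `if ($validated == -3.14159)` reads as intended, though that line is not part of this change. ValidateUser begins before this hunk.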