dfanfdsanfdsa
/
ood-ports-lbsd-fork1
ответвлено от jimmy/ood-ports-lbsd


			
				
					
						
						
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162
							# $OpenBSD: patch-postgrey,v 1.6 2014/08/19 13:54:56 giovanni Exp $

default path/uid/gid changes, plus untaint for Perl 5.18

From 9673b54064691a5b9c295ffea340d8a1f9ee1cb8 Mon Sep 17 00:00:00 2001
From: Yasuhiro KIMURA <yasu@utahime.org>
Date: Sat, 17 Aug 2013 22:05:27 +0900
Subject: [PATCH] Make postgrey work with Perl 5.18

--- postgrey.orig	Wed Jun 11 15:13:50 2014
+++ postgrey	Sat Jul 12 17:18:21 2014
@@ -23,7 +23,7 @@ use vars qw(@ISA);
 @ISA = qw(Net::Server::Multiplex);
 
 my $VERSION = '1.35';
-my $DEFAULT_DBDIR = '/var/spool/postfix/postgrey';
+my $DEFAULT_DBDIR = '/var/db/postgrey';
 my $CONFIG_DIR = '/etc/postfix';
 
 sub cidr_parse($)
@@ -551,6 +551,16 @@ sub main()
                 "       followed by 'h' for hours ('6h' for example).\n";
         }
     }
+    # untaint what is given on --pidfile. It is not security sensitive since
+    # it is provided by the admin
+    if($opt{pidfile}) {
+        $opt{pidfile} =~ /^(.*)$/; $opt{pidfile} = $1;
+    }
+    # untaint what is given on --inet. It is not security sensitive since
+    # it is provided by the admin
+    if($opt{inet}) {
+        $opt{inet} =~ /^(.*)$/; $opt{inet} = $1;
+    }
 
     # untaint what is given on --dbdir. It is not security sensitive since
     # it is provided by the admin
@@ -595,8 +605,8 @@ sub main()
             commandline      => [ 'postgrey', @ARGV_saved ],
             port             => [ $opt{inet} ? $opt{inet} : $opt{unix}."|unix" ],
             proto            => $opt{inet} ? 'tcp' : 'unix',
-            user             => $opt{user} || 'postgrey',
-            group            => $opt{group} || 'nogroup',
+            user             => $opt{user} || '_postgrey',
+            group            => $opt{group} || '_postgrey',
             dbdir            => $opt{dbdir} || $DEFAULT_DBDIR,
             setsid           => $opt{daemonize} ? 1 : undef,
             pid_file         => $opt{daemonize} ? $opt{pidfile} : undef,
@@ -804,9 +814,9 @@ B<postgrey> [I<options>...]
  -i, --inet=[HOST:]PORT  listen on PORT, localhost if HOST is not specified
  -d, --daemonize         run in the background
      --pidfile=PATH      put daemon pid into this file
-     --user=USER         run as USER (default: postgrey)
-     --group=GROUP       run as group GROUP (default: nogroup)
-     --dbdir=PATH        put db files in PATH (default: /var/spool/postfix/postgrey)
+     --user=USER         run as USER (default: _postgrey)
+     --group=GROUP       run as group GROUP (default: _postgrey)
+     --dbdir=PATH        put db files in PATH (default: /var/db/postgrey)
      --delay=N           greylist for N seconds (default: 300)
      --max-age=N         delete entries older than N days since the last time
                          that they have been seen (default: 35)