[vchkpw] vcdb.c patch for bad vpasswd permissions

Fri, 26 Dec 2003 15:08:05 -0800 

I noticed that vpopmail's vcdb.c failed to set secure permissions on the
vpasswd.cdb file.  It was giving global read permissions!  In a vpopmail
install where you install vpopmail exactly how it was ment to be run this is
not a big deal because the domains dir is 0700. I want/like to rely on the
domains dir though.  Anyway attached and pasted below is my patch....

~Shaun

-------------------------------------[snip]---------------------------------
-----------------------------
diff -Naur vpopmail-5.2.2/vcdb.c vpopmail-5.2.2.patched/vcdb.c
--- vpopmail-5.2.2/vcdb.c       2003-08-01 21:09:57.000000000 -0700
+++ vpopmail-5.2.2.patched/vcdb.c       2003-12-26 14:44:04.000000000 -0800
@@ -216,6 +216,14 @@
     chown(vpasswd_lock_file, uid, gid);
     chown(vpasswd_file, uid, gid);

+    /* Patch by [EMAIL PROTECTED]
+        Global Read Perms are evil, i dont like to rely on the permissions
of the previous dir! */
+    chmod(vpasswd_cdb_file, S_IRUSR | S_IWUSR);
+    chmod(vpasswd_lock_file, S_IRUSR | S_IWUSR);
+    chmod(vpasswd_file, S_IRUSR | S_IWUSR);
+   /* Patch end */
+
+
     return 0;
 }
----------------------------------------[EOP]-------------------------------
---------------------------


begin 666 vcdb.c_permissions_fix.patch
M9&EF9B M3F%U<B!V<&]P;6%I;"TU+C(N,B]V8V1B+F,@=G!O<&UA:6PM-2XR
M+C(N<&%T8VAE9"]V8V1B+F,-"BTM+2!V<&]P;6%I;"TU+C(N,B]V8V1B+F,@
M(" @(" @,C P,RTP."TP,2 R,3HP.3HU-RXP,# P,# P,# @+3 W,# -"BLK
M*R!V<&]P;6%I;"TU+C(N,BYP871C:&5D+W9C9&(N8R @(" @(" R,# S+3$R
M+3(V(#$T.C0T.C T+C P,# P,# P," M,[EMAIL PROTECTED], T*0$ @+3(Q-BPV("LR,38L
M,[EMAIL PROTECTED] -"B @(" @8VAO=VXH=G!A<W-W9%]L;V-K7V9I;&4L('5I9"[EMAIL PROTECTED]
M*3L-"B @(" @8VAO=VXH=G!A<W-W9%]F:6QE+"!U:60L(&=I9"D[#0H-"BL@
M(" @[EMAIL PROTECTED]&%T8V@@[EMAIL PROTECTED]&%N0$Y$0TAO<W0N8V]M#0HK(" @
M(" @("!';&[EMAIL PROTECTED]"!097)M<R!A<[EMAIL PROTECTED];"P@:2!D;VYT(&QI:V4@
M=&\@<F5L>2!O;B!T:&4@<&5R;6ES<VEO;G,@;[EMAIL PROTECTED]&AE('!R979I;W5S(&1I
M<[EMAIL PROTECTED]"BL@(" @8VAM;V0H=G!A<W-W9%]C9&)[EMAIL PROTECTED])4E534B!\
M(%-?25=54U(I.PT**R @("!C:&UO9"AV<&%S<[EMAIL PROTECTED])
M4E534B!\(%-?25=54U(I.PT**R @("!C:&UO9"AV<&%S<W=D7V9I;&4L(%-?
M25)54U(@?"!37TE755-2*3L-"BL@(" O*B!0871C:"!E;[EMAIL PROTECTED]"BL-"BL-
5"B @(" @<F5T=7)N(# [EMAIL PROTECTED]
`
end

Reply via email to