From: [email protected]

--2tWkrNKppd65XSnD
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

package slocate
tags 226103 patch
thanks

On Mon, 9 Aug 2004 22:11:14 -0300, Joey Hess wrote:

However, I see no
indication that CAN-2003-0848 is fixed in unstable. As noted at the top
of the bug, 2.7 is probably vulnerable. The sgid dropping should
certainly be forward ported from 2.6-1.3.2.

Forward porting the patch is easy, it applies cleanly (just some
offset), except for the debian/changelog part. I don't know whether
this patch will be sufficient for v2.7, though, but I'd assume so as
the attached patch and the diff between v2.6 and v2.7 don't seem to intersect...
Find attached the patch from DSA-428-1 (diff between v2.6-1.3.1 and
v2.6-1.3.2)

Cheers,
Flo


PS: Please lart me if I went to far in tagging this bug "patch".

--2tWkrNKppd65XSnD
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="DSA-428-1.diff" Content-Transfer-Encoding: quoted-printable

diff -u slocate-2.6/main.c slocate-2.6/main.c
--- slocate-2.6/main.c
+++ slocate-2.6/main.c
@@ -339,6 +339,9 @@
char *part;
int i;
int res_errno;
+ char *tmp_ptr = NULL;
+ int last_sgid = 0;
+ struct stat db_stat;

/* Make sure path is not empty */
if (!path || strlen(path) == 0) return;
@@ -382,6 +385,28 @@

/* Null terminate array */
SLOCATE_PATH[i] = NULL;
+
+ /* Sort sgid slocate db's to the top */
+ for (i = 0; SLOCATE_PATH[i]; i++) {
+ if (stat(SLOCATE_PATH[i], &db_stat) == -1)
+ report_error(FATAL, QUIET, "%s: Could not stat DB: %s: %s\n", progname, SLOCATE_PATH[i], strerror(errno));
+
+ if (db_stat.st_gid != SLOC_GID)
+ continue;
+
+ if (i != last_sgid) {
+ tmp_ptr = SLOCATE_PATH[last_sgid];
+ SLOCATE_PATH[last_sgid] = SLOCATE_PATH[i];
+ SLOCATE_PATH[i] = tmp_ptr;
+ }
+
+ last_sgid += 1;
+
+ }
+
+ /* for (i = 0; SLOCATE_PATH[i]; i++)
+ printf("%s\n", SLOCATE_PATH[i]); */
+
}

/* Parse Dash */
@@ -1152,6 +1177,22 @@
char *cp=NULL;
#endif
char *buck