runpipe v1.2 with security hole fix

runpipe v1.2 with security hole fix

Post by Christopher Neufel » Wed, 12 Mar 1997 04:00:00



-----BEGIN PGP SIGNED MESSAGE-----

   The latest version of runpipe is available now from sunsite or my FTP
site.
   Runpipe is a daemon/client pair which watches a set of named pipes for
a read or write action on a pipe, and then executes a program on the
other end of the pipe. It is most commonly used to run a program on the
other end of the .plan pipe, so that when a person fingers the account,
the .plan "file" appears to contain the output of the program. This can
be used to make plan files which change whenever they're read, or which
deliver different messages depending on other information such as time of
day or whether or not the user is logged on.

   This release fixes a potentially serious security bug in the daemon
when run in system mode, and a potentially annoying behaviour when run in
paranoid mode. I strongly recommend that nobody who runs the daemon in
system mode run it with a version prior to 1.2.

   Here is the .lsm:

Begin3
Title:          Runpipe daemon and client
Version:        1.2
Entered-date:   March 10, 1997
Description:    A package which monitors named pipes and runs a process on
                the other end of the pipe when a read or write access is
                made to the pipe.
Keywords:       FIFO pipe plan


Primary-site:   caliban.physics.utoronto.ca /pub/linux
                17 kB runpipe-1.2.tar.gz
Alternate-site: sunsite.unc.edu /pub/Linux/system/daemons
Original-site:  
Platform:      
Copying-policy: GPL
End

- --

 Home page:  http://caliban.physics.utoronto.ca/neufeld/Intro.html
 "Don't edit reality for the sake of simplicity"

- --
This article has been digitally signed by the moderator, using PGP.
http://www.iki.fi/liw/lars-public-key.asc has PGP key for validating signature.

PLEASE remember a short description of the software and the LOCATION.
This group is archived at http://www.iki.fi/liw/linux/cola.html

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBMyUje4QRll5MupLRAQFASwP+M+6F2gqdj+919o6LdEf/plACjfcfOxbJ
kRcWpRFE9UaQcWdhiPzE73nEDL/XV4RijANgBFyMEOYAYK7MyrdSpEZU+pE9uO/C
f+rlHUiSdjwUUaGJyqGMeWqXvzgkHEw2VcbxWbsv//PlZk3NypPHivcft7GAgIMq
tMQ9ShDocoE=
=JDFv
-----END PGP SIGNATURE-----

 
 
 

1. ANNOUNCE Apache::ASP v1.95 - Examples Security Hole Fixed

ANNOUNCE Apache::ASP v1.95 - Examples Security Hole Fixed

Apache::ASP < http://www.nodeworks.com/asp/ > had a security
hole in its ./site/eg/source.asp distribution examples file,
allowing a malicious hacker to potentially write to files in
the directory local to the source.asp example script.

The next version of Apache::ASP v1.95 going to CPAN will not
have this security hole in its example ./site/eg/source.asp
The general CHANGES for this release is below.  Note that
CPAN may not have the 1.95 version for another 24 hours.

Until you have the latest examples, I would recommend deleting
this source.asp file from any public web server that has
Apache::ASP installed on it.

The original report on a similar perl open() bug was at ZDNet's eWeek
at http://www.zdnet.com/eweek/stories/general/0,11011,2600258,00.html
where a hacking contest at openhack.org turned up a bug on
its minivend ecommerce software.

--Joshua Chamas

=item $VERSION = 1.95; $DATE="07/10/00";

 !!!!! EXAMPLES SECURITY BUG FOUND & FIXED !!!!!

 --FIXED: distribution example ./site/eg/source.asp now parses
  out special characters of the open() call when reading local
  files.

  This bug would allow a malicious user possible writing
  of files in the same directory as the source.asp script.  This
  writing exploit would only have effect if the web server user
  has write permission on those files.

  Similar bug announced by openhack.org for minivend software
  in story at:
    http://www.zdnet.com/eweek/stories/general/0,11011,2600258,00.html

  !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

 -$0 now set to transferred file, when using $Server->Transfer

 -Fix for XMLSubsMatch parsing on cases with 2 or more args passed
  to tag sub that was standalone like
    <Apps:header type="header" title="Moo" foo="moo" />

2. How to get a child fork to wait for the parent

3. Runpipe v1.0 beta

4. To PPP or not PPP...

5. pwdauthd pwdauth() - Source Wanted in order to fix security hole.

6. Kingston PCI 10/100 Ethernet card & AIX 4.1.5

7. Security Hole Fix?

8. Disk Quota

9. fix for HUGE SECURITY HOLE in syslog?

10. Tools to fix security holes

11. Security hole fix

12. X security hole- how to fix?

13. Fix for /bin/login security hole.