author | bbaetz%student.usyd.edu.au <> | 2002-06-04 14:47:27 +0200 |
---|---|---|
committer | bbaetz%student.usyd.edu.au <> | 2002-06-04 14:47:27 +0200 |
commit | b4c02643fcf1586496bafcdda50e8219dc3fa0df (patch) | |
tree | 73276f17ed04fa1babf3b71caf6a902e41827728 | |
parent | a162877b07097cf590f436aa6ce13ca12d54b0a6 (diff) | |
Bug 143574 - taint errors with alternate formats. Also make data/template
writable for non webservergroup users.
r=myk, justdave
-rwxr-xr-x | checksetup.pl | 6 | ||||
-rw-r--r-- | globals.pl | 10 |
2 files changed, 14 insertions, 2 deletions
diff --git a/checksetup.pl b/checksetup.pl
index 4b6a23f27..0f9e2328f 100755
--- a/checksetup.pl
+++ b/checksetup.pl
@@ -841,6 +841,8 @@ END
 if (-e 'data/template') {
 unless (-d 'data/template' && -e 'data/template/.lastRebuild' && (stat('data/template/.lastRebuild'))[9] >= $lastTemplateParamChange) {
+ print "Removing existing compiled templates ...\n";
+
 # If File::Path::rmtree reported errors, then I'd use that
 use File::Find;
 sub remove {
@@ -904,6 +906,8 @@ END
 }
 {
+ print "Precompiling templates ...\n";
+
 use File::Find;
 use Cwd;
@@ -1089,7 +1093,7 @@ if ($my_webservergroup) {
 my $gid = (split " ", $()[0];
 fixPerms('.htaccess', $<, $gid, 022); # glob('*') doesn't catch dotfiles
 fixPerms('data/.htaccess', $<, $gid, 022);
- fixPerms('data/template', $<, $gid, 022, 1);
+ fixPerms('data/template', $<, $gid, 000, 1); # webserver will write to these
 fixPerms('data/webdot/.htaccess', $<, $gid, 022);
 fixPerms('data/params', $<, $gid, 011);
 fixPerms('*', $<, $gid, 022);
diff --git a/globals.pl b/globals.pl
index 637955bd6..99af6ffa4 100644
--- a/globals.pl
+++ b/globals.pl
@@ -1680,7 +1680,15 @@ sub GetOutputFormats {
 # Loop over each file in the sub-directory looking for format files
 # (files whose name looks like SCRIPT-FORMAT.EXT.tmpl).
 foreach my $file (@files) {
- if ($file =~ /^\Q$script\E-(.+)\.(.+)\.(tmpl)$/) {
+ if ($file =~ /^\Q$script\E-(.+)\.(.+)\.tmpl$/) {
+ # This must be a valid file
+ # If an attacker could add a previously unused format
+ # type to trick us into running it, then they could just
+ # change an existing one...
+ # (This implies that running without a webservergroup is
+ # insecure, but that is the case anyway)
+ trick_taint($file);
+
 $formats->{$1} = {
 'template' => $file ,
 'extension' => $2 , |
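Review bot: The new `fixPerms('data/template', $<, $gid, 000, 1);` line in checksetup.pl appears to clear the mask for the whole compiled-template tree, which would leave it writable by every local account rather than only by the web server. The globals.pl comment in this same commit treats template files as something the application runs, so write access to this directory should be documented as equivalent to changing application code; the trailing comment could say so, e.g. `# world-writable: without a webservergroup any local user can alter compiled templates`. Printing a warning from checksetup.pl when this branch is taken would make the trade-off visible to the administrator. The enclosing block starts and ends outside the hunk, and the meaning of the fourth and fifth arguments is inferred from the neighbouring calls.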
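Review bot: `trick_taint($file)` in globals.pl untaints whatever name the pattern accepts, and both `(.+)` groups accept any characters, so the taint check is removed without the name being constrained. Narrowing the groups would make the untaint an actual validation, for example `if ($file =~ /^\Q$script\E-([\w-]+)\.(\w+)\.tmpl\z/) {` (the character set needs confirming against the format names in use). The code also reads `$1` and `$2` after the intervening call; copying them first with `my ($format, $ext) = ($1, $2);` keeps the captures independent of what `trick_taint` does internally. GetOutputFormats starts and ends outside the hunk, so where `@files` comes from is not visible here.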