From c96732622b85ed3436590ce8ad585af7eb8b98c9 Mon Sep 17 00:00:00 2001
From: ms
Date: Mon, 10 Apr 2006 18:39:59 +0000
Subject: [PATCH] =?utf8?q?Hinzugef=C3=BCgt:=20=20=20*=20Xinetd=20-=20Super?= =?utf8?q?-Daemon=20=20=20*=20Sudo?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@98 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
---
 doc/packages-list.txt | 2 +
 lfs/sudo | 91 ++++++++++++++++++
 lfs/xinetd | 98 ++++++++++++++++++++
 make.sh | 10 +-
 src/ROOTFILES.i386 | 13 +++
 src/paks/sudo/CONFFILES | 1 +
 src/paks/sudo/ROOTFILES | 10 ++
 src/paks/sudo/install.sh | 12 +++
 src/paks/sudo/uninstall.sh | 10 ++
 src/paks/xinetd/CONFFILES | 2 +
 src/paks/xinetd/ROOTFILES | 8 ++
 src/paks/xinetd/install.sh | 11 +++
 src/paks/xinetd/uninstall.sh | 10 ++
 src/patches/sudo-1.6.8p12-envvar_fix-1.patch | 59 ++++++++++++
 14 files changed, 334 insertions(+), 3 deletions(-)
 create mode 100644 lfs/sudo
 create mode 100644 lfs/xinetd
 create mode 100644 src/paks/sudo/CONFFILES
 create mode 100644 src/paks/sudo/ROOTFILES
 create mode 100644 src/paks/sudo/install.sh
 create mode 100644 src/paks/sudo/uninstall.sh
 create mode 100644 src/paks/xinetd/CONFFILES
 create mode 100644 src/paks/xinetd/ROOTFILES
 create mode 100644 src/paks/xinetd/install.sh
 create mode 100644 src/paks/xinetd/uninstall.sh
 create mode 100644 src/patches/sudo-1.6.8p12-envvar_fix-1.patch
diff --git a/doc/packages-list.txt b/doc/packages-list.txt
index 93e465b235..658cf04527 100644
--- a/doc/packages-list.txt
+++ b/doc/packages-list.txt
@@ -156,6 +156,7 @@
 * squid-2.5.STABLE13
 * squid-graph-3.1
 * stund_0.96_Aug13
+ * sudo-1.6.8p12
 * sysklogd-1.4.1
 * syslinux-2.11
 * sysvinit-2.86
@@ -171,4 +172,5 @@
 * wget-1.10.2
 * wireless_tools.27
 * xampp-linux-1.5.1
+ * xinetd-2.3.14
 * zlib-1.2.3
diff --git a/lfs/sudo b/lfs/sudo
new file mode 100644
index 0000000000..31fd36c360
--- /dev/null
+++ b/lfs/sudo
@@ -0,0 +1,91 @@
+###############################################################################
+# This file is part of the IPCop Firewall. #
+# #
+# IPCop is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 2 of the License, or #
+# (at your option) any later version. #
+# #
+# IPCop is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPCop; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Makefiles are based on LFSMake, which is #
+# Copyright (C) 2002 Rod Roard #
+# #
+# Modifications by: #
+# ??-12-2003 Mark Wormgoor < mark@wormgoor.com> #
+# - Modified Makefile for IPCop build #
+# #
+# $Id: ntp,v 1.6.2.3 2005/02/05 15:38:15 gespinasse Exp $
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 1.6.8p12
+
+THISAPP = sudo-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = http://www.courtesan.com/sudo/dist
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = b29893c06192df6230dd5f340f3badf5
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist:
+ make-packages.sh sudo $(THISAPP)-ipfire-beta-1
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/$(THISAPP)-envvar_fix-1.patch
+ cd $(DIR_APP) && ./configure --prefix=/usr --libexecdir=/usr/lib \
+ --enable-noargs-shell --with-ignore-dot --with-all-insults \
+ --enable-shell-sets-home && \
+ cd $(DIR_APP) && make
+ cd $(DIR_APP) && make install
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/lfs/xinetd b/lfs/xinetd
new file mode 100644
index 0000000000..b5c47b006a
--- /dev/null
+++ b/lfs/xinetd
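Review bot: The sudo tarball is fetched from a plain `http://` URL (`DL_FROM`) and the only integrity pin in this file is `$(DL_FILE)_MD5`, so a setuid-root program is built from a download whose authenticity rests on an MD5 value alone. The `$(LOAD)` and `$(MD5)` macros come from `Config`, which is outside this hunk, so whether a stronger check exists elsewhere cannot be seen here. If there is none, a second pin checked by the same step would help, for example `$(DL_FILE)_SHA256 = <sha256-of-tarball>` (placeholder value, and it needs matching support in `Config`). The same pattern appears in `lfs/xinetd`, which downloads from an FTP mirror with an MD5 pin. Separately, the recipe calls `make` where `$(MAKE)` would propagate the jobserver and `-n`.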
@@ -0,0 +1,98 @@
+###############################################################################
+# This file is part of the IPCop Firewall. #
+# #
+# IPCop is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 2 of the License, or #
+# (at your option) any later version. #
+# #
+# IPCop is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPCop; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Makefiles are based on LFSMake, which is #
+# Copyright (C) 2002 Rod Roard #
+
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 2.3.14
+
+THISAPP = xinetd-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = ftp://ftp.fu-berlin.de/unix/linux/mirrors/gentoo/distfiles
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 567382d7972613090215c6c54f9b82d9
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist:
+ make-packages.sh xinetd $(THISAPP)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && ./configure --prefix=/usr --with-loadavg
+ cd $(DIR_APP) && make
+ cd $(DIR_APP) && make install
+ cd $(DIR_APP) && install -v -d -m755 /etc/xinetd.d
+ echo "# Begin /etc/xinetd" > /etc/xinetd.conf
+ echo "# Configuration file for xinetd" >> /etc/xinetd.conf
+ echo "#" >> /etc/xinetd.conf
+ echo "defaults" >> /etc/xinetd.conf
+ echo "{" >> /etc/xinetd.conf
+ echo " instances = 60" >> /etc/xinetd.conf
+ echo " log_type = SYSLOG daemon" >> /etc/xinetd.conf
+ echo " log_on_success = HOST PID USERID" >> /etc/xinetd.conf
+ echo " log_on_failure = HOST USERID" >> /etc/xinetd.conf
+ echo " cps = 25 30" >> /etc/xinetd.conf
+ echo "}" >> /etc/xinetd.conf
+ echo "# All service files are stored in the /etc/xinetd.d directory" >> /etc/xinetd.conf
+ echo "#" >> /etc/xinetd.conf
+ echo "includedir /etc/xinetd.d" >> /etc/xinetd.conf
+ echo "# End /etc/xinetd" >> /etc/xinetd.conf
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/make.sh b/make.sh
index 96845bdee0..187e4dfec3 100644
--- a/make.sh
+++ b/make.sh
@@ -647,6 +647,8 @@ buildipcop() {
 ipcopmake libsafe
 ipcopmake 3c5x9setup
 echo -ne "`date -u '+%b %e %T'`: Building IPFire modules \n" | tee -a $LOGFILE
+ ipcopmake sudo
+ ipcopmake xinetd
 ipcopmake pkg-config
 ipcopmake glib
 ipcopmake wget
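Review bot: The generated `/etc/xinetd.conf` defaults enable `USERID` in both `log_on_success` and `log_on_failure`, which for multi-threaded stream services makes xinetd send an RFC 1413 ident query back to the connecting host and log whatever that host answers. On a firewall this adds an outbound lookup and delay per connection and writes unauthenticated, remote-supplied text to syslog; `log_on_success = HOST PID` and `log_on_failure = HOST` keep the fields that can be trusted. The defaults block also sets no source restriction such as `only_from`, so every service file placed under `/etc/xinetd.d` has to restrict access itself. The file is assembled from fifteen `echo` lines in the `$(TARGET)` recipe with no explicit mode; installing a checked-in template with `install -m644` would make the shipped defaults reviewable in one place.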
@@ -752,15 +754,17 @@ buildpackages() { grep -v 'configroot$\|img$\|initrd$\|initscripts$\|installer$\|install$\|ipcop$\|setup$\|stage2$\|smp$\|tools$\|tools1$\|tools2$' \ $BASEDIR/doc/packages-list | sort >> $BASEDIR/doc/packages-list.txt rm -f $BASEDIR/doc/packages-list - # packages-list.txt is ready to be displayed for wiki page IPCopSoftwares + # packages-list.txt is ready to be displayed for wiki page # Create ISO for CDRom and USB-superfloppy ipcopmake cdrom cp $LFS/install/images/{*.iso,*.tgz} $BASEDIR >> $LOGFILE 2>&1 - + # Build IPFire packages - ipfiredist postfix ipfiredist mc + ipfiredist postfix + ipfiredist sudo + ipfiredist xinetd # Cleanup stdumount rm -rf $BASEDIR/build/tmp/* diff --git a/src/ROOTFILES.i386 b/src/ROOTFILES.i386 index 7af33f1c5c..745a406f8c 100644 --- a/src/ROOTFILES.i386 +++ b/src/ROOTFILES.i386 @@ -32163,3 +32163,16 @@ usr/include/libbridge.h usr/lib/libbridge.a usr/sbin/brctl #usr/share/man/man8/brctl.8 +## +## sudo +## +etc/sudoers +usr/bin/sudo +usr/bin/sudoedit +usr/lib/sudo_noexec.la +usr/lib/sudo_noexec.so +usr/sbin/visudo +#usr/share/man/man5/sudoers.5 +#usr/share/man/man8/sudo.8 +#usr/share/man/man8/sudoedit.8 +#usr/share/man/man8/visudo.8 diff --git a/src/paks/sudo/CONFFILES b/src/paks/sudo/CONFFILES new file mode 100644 index 0000000000..5d0c02811a --- /dev/null +++ b/src/paks/sudo/CONFFILES @@ -0,0 +1 @@ +etc/sudoers \ No newline at end of file diff --git a/src/paks/sudo/ROOTFILES b/src/paks/sudo/ROOTFILES new file mode 100644 index 0000000000..6c9915f32f --- /dev/null +++ b/src/paks/sudo/ROOTFILES @@ -0,0 +1,10 @@ +#etc/sudoers +usr/bin/sudo +usr/bin/sudoedit +usr/lib/sudo_noexec.la +usr/lib/sudo_noexec.so +usr/sbin/visudo +#usr/share/man/man5/sudoers.5 +#usr/share/man/man8/sudo.8 +#usr/share/man/man8/sudoedit.8 +#usr/share/man/man8/visudo.8 diff --git a/src/paks/sudo/install.sh b/src/paks/sudo/install.sh new file mode 100644 index 0000000000..c53fdc4377 --- /dev/null +++ b/src/paks/sudo/install.sh 
@@ -0,0 +1,12 @@
+#!/bin/bash
+#
+#################################################################
+# #
+# This file belongs to IPFire Firewall - GPLv2 - www.ipfire.org #
+# #
+#################################################################
+#
+# Extract the files
+tar xfz files.tgz -C /
+tar xfz conf.tgz -C /
+cp -f ROOTFILES /opt/pakfire/installed/ROOTFILES.$2
diff --git a/src/paks/sudo/uninstall.sh b/src/paks/sudo/uninstall.sh
new file mode 100644
index 0000000000..ad6122665e
--- /dev/null
+++ b/src/paks/sudo/uninstall.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+#################################################################
+# #
+# This file belongs to IPFire Firewall - GPLv2 - www.ipfire.org #
+# #
+#################################################################
+#
+# Delete the files
+## Befehl fehlt noch
+rm -f /opt/pakfire/installed/ROOTFILES.$2
diff --git a/src/paks/xinetd/CONFFILES b/src/paks/xinetd/CONFFILES
new file mode 100644
index 0000000000..7eb6bc9cf2
--- /dev/null
+++ b/src/paks/xinetd/CONFFILES
@@ -0,0 +1,2 @@
+etc/xinetd.conf
+etc/xinetd.d
diff --git a/src/paks/xinetd/ROOTFILES b/src/paks/xinetd/ROOTFILES
new file mode 100644
index 0000000000..61974828b9
--- /dev/null
+++ b/src/paks/xinetd/ROOTFILES
@@ -0,0 +1,8 @@
+usr/sbin/itox
+usr/sbin/xconv.pl
+usr/sbin/xinetd
+#usr/share/man/man5/xinetd.conf.5
+#usr/share/man/man8/itox.8
+#usr/share/man/man8/xconv.pl.8
+#usr/share/man/man8/xinetd.8
+#usr/share/man/man8/xinetd.log.8
diff --git a/src/paks/xinetd/install.sh b/src/paks/xinetd/install.sh
new file mode 100644
index 0000000000..3a9ce551bf
--- /dev/null
+++ b/src/paks/xinetd/install.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+#
+#################################################################
+# #
+# This file belongs to IPFire Firewall - GPLv2 - www.ipfire.org #
+# #
+#################################################################
+#
+# Extract the files
+tar xfz files.tgz -C /
+cp -f ROOTFILES /opt/pakfire/installed/ROOTFILES.$2
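Review bot: In `src/paks/sudo/install.sh` neither `tar` call is checked, so if `files.tgz` or `conf.tgz` fails to unpack the script still copies `ROOTFILES` and the package is recorded as installed with a partial or missing sudo. `$2` is also unquoted and unvalidated in the destination path. Chaining the steps, `tar xfz files.tgz -C / && tar xfz conf.tgz -C / && cp -f ROOTFILES "/opt/pakfire/installed/ROOTFILES.$2"`, or putting `set -e` at the top, would stop at the first failure. Unpacking `conf.tgz` over `/` also replaces an existing `/etc/sudoers` without a backup, which matters on reinstall. `src/paks/xinetd/install.sh` has the same unchecked `tar` and unquoted `$2`.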
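Review bot: `src/paks/sudo/uninstall.sh` removes only `/opt/pakfire/installed/ROOTFILES.$2`; the placeholder comment `## Befehl fehlt noch` ("command still missing") marks where the file removal should be. After an uninstall the system no longer lists sudo as installed while `usr/bin/sudo`, `usr/sbin/visudo` and `etc/sudoers` stay on disk, so a privileged binary is left behind that package tracking no longer covers. Until removal is implemented, the script should delete the entries listed in the recorded ROOTFILES before removing that record, or exit non-zero so the caller does not treat the package as gone. `src/paks/xinetd/uninstall.sh` is identical and leaves `usr/sbin/xinetd` in place the same way.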
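Review bot: `src/paks/xinetd/install.sh` unpacks only `files.tgz`, although `src/paks/xinetd/CONFFILES` lists `etc/xinetd.conf` and `etc/xinetd.d` and the package `ROOTFILES` contains neither. If `make-packages.sh` (not shown) packs the CONFFILES entries into a separate `conf.tgz`, as the sudo installer's `tar xfz conf.tgz -C /` suggests, xinetd would be installed without its configuration file and include directory. Adding `tar xfz conf.tgz -C /` after the `files.tgz` line, as in the sudo script, would close that gap.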
diff --git a/src/paks/xinetd/uninstall.sh b/src/paks/xinetd/uninstall.sh
new file mode 100644
index 0000000000..ad6122665e
--- /dev/null
+++ b/src/paks/xinetd/uninstall.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+#################################################################
+# #
+# This file belongs to IPFire Firewall - GPLv2 - www.ipfire.org #
+# #
+#################################################################
+#
+# Delete the files
+## Befehl fehlt noch
+rm -f /opt/pakfire/installed/ROOTFILES.$2
diff --git a/src/patches/sudo-1.6.8p12-envvar_fix-1.patch b/src/patches/sudo-1.6.8p12-envvar_fix-1.patch
new file mode 100644
index 0000000000..5bb4db24b0
--- /dev/null
+++ b/src/patches/sudo-1.6.8p12-envvar_fix-1.patch
@@ -0,0 +1,59 @@
+Submitted By: Archaic (archaic -aT- linuxfromscratch -DoT- org)
+Date: 2005-01-17
+Initial Package Version: 1.6.8p12
+Origin: Upstream CVS
+Upstream Status: In CVS
+Description: (CVE-2005-4158) Sudo before 1.6.8 p12, when the Perl taint flag is
+ off, does not clear the PERLLIB, PERL5LIB, and PERL5OPT environment
+ variables, which allows limited local users to cause a Perl script
+ to include and execute arbitrary library files that have the same
+ name as library files that are included by the script.
+ Additionally, more variables beyond perl were added to the
+ blacklist and comments were added to the variables.
+
+diff -Naur sudo-1.6.8p12.orig/env.c sudo-1.6.8p12/env.c
+--- sudo-1.6.8p12.orig/env.c 2005-11-08 18:21:33.000000000 +0000
++++ sudo-1.6.8p12/env.c 2006-01-18 00:35:17.000000000 +0000
+@@ -118,18 +118,31 @@
+ "USR_ACE",
+ "DLC_ACE",
+ #endif /* HAVE_SECURID */
+- "TERMINFO",
+- "TERMINFO_DIRS",
+- "TERMPATH",
++ "TERMINFO", /* terminfo, exclusive path to terminfo files */
++ "TERMINFO_DIRS", /* terminfo, path(s) to terminfo files */
++ "TERMPATH", /* termcap, path(s) to termcap files */
+ "TERMCAP", /* XXX - only if it starts with '/' */
+- "ENV",
+- "BASH_ENV",
+- "PS4",
+- "SHELLOPTS",
+- "JAVA_TOOL_OPTIONS",
+- "PERLLIB",
+- "PERL5LIB",
+- "PERL5OPT",
++ "ENV", /* ksh, file to source before script runs */
++ "BASH_ENV", /* bash, file to source before script runs */
++ "PS4", /* bash, prefix for lines in xtrace mode */
++ "GLOBIGNORE", /* bash, globbing patterns to ignore */
++ "SHELLOPTS", /* bash, extra command line options */
++ "JAVA_TOOL_OPTIONS", /* java, extra command line options */
++ "PERLIO_DEBUG ", /* perl, debugging output file */
++ "PERLLIB", /* perl, search path for modules/includes */
++ "PERL5LIB", /* perl 5, search path for modules/includes */
++ "PERL5OPT", /* perl 5, extra command line options */
++ "PERL5DB", /* perl 5, command used to load debugger */
++ "FPATH", /* ksh, search path for functions */
++ "NULLCMD", /* zsh, command for null file redirection */
++ "READNULLCMD", /* zsh, command for null file redirection */
++ "ZDOTDIR", /* zsh, search path for dot files */
++ "TMPPREFIX", /* zsh, prefix for temporary files */
++ "PYTHONHOME", /* python, module search path */
++ "PYTHONPATH", /* python, search path */
++ "PYTHONINSPEC", /* python, allow inspection */
++ "RUBYLIB", /* ruby, library load path */
++ "RUBYOPT", /* ruby, extra command line options */
+ NULL
+ };
+
--
2.39.2
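Review bot: Two of the entries added to the `env.c` table look misspelled, so the variables they are meant to strip may pass through to the command sudo runs: `"PERLIO_DEBUG "` carries a trailing space inside the string literal, and `"PYTHONINSPEC"` lacks the final `T` of `PYTHONINSPECT`. The code that matches against this table is outside the hunk, so this assumes each entry is compared with the whole variable name. The corrected lines would be `"PERLIO_DEBUG", /* perl, debugging output file */` and `"PYTHONINSPECT", /* python, allow inspection */`. The patch header also gives `Date: 2005-01-17` while the diff timestamps are from 2005-11 and 2006-01, which is worth correcting so the provenance of a security patch can be checked against upstream.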