changeset 20:c75924bd38e3

fix security hole relating to path for package user.
author Robert McIntyre <rlm@mit.edu>
date Thu, 10 Jan 2013 04:25:17 +0000
parents 4fbe69d24a9c
children d46aeb3166d0
files src/hg-wrapper.c src/pkg.pl src/system-init.pl
diffstat 3 files changed, 7 insertions(+), 4 deletions(-) [+]
line wrap: on
line diff
     1.1 --- a/src/hg-wrapper.c	Wed Jan 09 12:32:58 2013 +0000
     1.2 +++ b/src/hg-wrapper.c	Thu Jan 10 04:25:17 2013 +0000
     1.3 @@ -2,7 +2,8 @@
     1.4  #include <unistd.h>
     1.5  
     1.6  main( int argc, char ** argv){
     1.7 -  pipecmd* p = pipecmd_new("hg");
     1.8 +  pipecmd* p = 
     1.9 +    pipecmd_new("/pkg/hg-committer/hg");
    1.10  
    1.11    int i;
    1.12    for(i = 1; i < argc; i++){
     2.1 --- a/src/pkg.pl	Wed Jan 09 12:32:58 2013 +0000
     2.2 +++ b/src/pkg.pl	Thu Jan 10 04:25:17 2013 +0000
     2.3 @@ -79,7 +79,7 @@
     2.4  
     2.5  @pkg_copy_hg_wrapper_cmd =
     2.6    (install, "-g", "hg-wheel", "-o", "hg-committer",
     2.7 -   "-m", "6111", "/pkg/hg-committer/.hg-wrapper", $pkg_home);
     2.8 +   "-m", "6111", "/pkg/hg-committer/hg-wrapper", "$pkg_home/.hg-wrapper");
     2.9  
    2.10  sub execute{print "\t@_\n"; system(@_) and die $!;}
    2.11  
     3.1 --- a/src/system-init.pl	Wed Jan 09 12:32:58 2013 +0000
     3.2 +++ b/src/system-init.pl	Thu Jan 10 04:25:17 2013 +0000
     3.3 @@ -126,8 +126,10 @@
     3.4  
     3.5  $pwd = getcwd;
     3.6  execute("gpasswd --add hg-committer hg-wheel");
     3.7 -execute("ln -sfv $pwd/profile  /pkg/hg-committer/.profile");
     3.8 -execute("ln -sfv $pwd/hg-wrapper /pkg/hg-committer/.hg-wrapper");
     3.9 +execute("ln -sf $pwd/profile  /pkg/hg-committer/.profile");
    3.10 +execute("ln -sf $pwd/hg-wrapper /pkg/hg-committer/");
    3.11 +execute("ln -sf `which hg` /pkg/hg-committer/");
    3.12  
    3.13  
    3.14  
    3.15 +