ports/65620: ports/security/cfs: cfssh(1) creates insecure directory

[dada at sbox.tugraz.at]

Here is a more comprehensive patch:

<-----------------cut here----------------------------------------------
diff -ruN cfs/files/patch-ac /usr/ports/security/cfs/files/patch-ac
--- cfs/files/patch-ac  Tue May 23 03:02:39 2000
+++ /usr/ports/security/cfs/files/patch-ac      Thu Jan 22 14:42:04 2004
@@ -1,8 +1,23 @@
---- cfssh.orig Mon May 22 20:56:00 2000
-+++ cfssh      Mon May 22 20:56:11 2000
-@@ -1,4 +1,4 @@
+--- cfssh.orig Wed Dec  3 22:21:40 1997
++++ cfssh      Thu Jan 22 14:38:48 2004
+@@ -1,11 +1,11 @@
 -#!/bin/ksh
 +#!/bin/sh

- if [ -z "$1" ]; then
+-if [ -z "$1" ]; then
++if [ ! -d "$1" ]; then
        echo Usage: cfssh directory
+       exit
+ fi
+ export PS1="crypto:`basename $1`$ "
+-D=.$RANDOM.$RANDOM
++D=$(basename $(mktemp -u /tmp/.XXXXXXXXXXXXX))
+ cattach $1 $D || exit 1
+ echo "Directory is /crypt/$D"
+ cd /crypt/$D
+@@ -13,5 +13,4 @@
+ CWD=`/bin/pwd`
+ D=`basename $CWD`
+ PWD=$CWD
+-export RANDOM=0
+ exec /bin/sh -c "$SHELL ; cdetach $D"
diff -ruN cfs/files/patch-ag /usr/ports/security/cfs/files/patch-ag
--- cfs/files/patch-ag  Thu Jan  1 01:00:00 1970
+++ /usr/ports/security/cfs/files/patch-ag      Thu Jan 22 14:50:21 2004
@@ -0,0 +1,8 @@
+--- cfssh.1.orig       Wed Dec  3 22:21:43 1997
++++ cfssh.1    Thu Jan 22 14:49:21 2004
+@@ -1,4 +1,4 @@
+-.TH SSH 1 ""
++.TH CFSSH 1 ""
+ .SH NAME
+ cfssh - (somewhat) secure CFS shell
+ .SH SYNOPSIS