ports/164529: [PATCH] security/swatch doesn't always find running process

Michael Scheidell scheidell at FreeBSD.org
Thu Jan 26 20:20:10 UTC 2012


>Number:         164529
>Category:       ports
>Synopsis:       [PATCH] security/swatch doesn't always find running process
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jan 26 20:20:09 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Michael Scheidell
>Release:        FreeBSD 7.4-RELEASE-p3 i386
>Organization:
SECNAP Network Security Corp
>Environment:

amd7.4, amd7.3, i386 7.3
>Description:
	1) service swatch status won't always show status, which means it won't always stop, restart, etc.
	if swatch_x_flags is greater than 222 bytes, then you need procname=/usr/local/bin/perl;
	if < 222, you don't.  This is due to the $0 limit in perl (http://perldoc.perl.org/perlvar.html):
	"Note that there are platform-specific limitations on the maximum length of $0. In the most extreme case it may be limited
	to the space occupied by the original $0."


	2) swatch would LIKE to have p5-File-Tail as a dependency (if you don't use the default tail command):
	"Checking if your kit is complete...
	Looks good
	Warning: prerequisite File::Tail 0 not found.
	Writing Makefile for swatch"
>How-To-Repeat:
	1) have a very long log file name (so that swatch_1_flags is > 222 bytes), have multiple files, same
	2) pkg_delete p5-File-Tail\* and reinstall swatch. look for error.
>Fix:
	1) this patch takes the $command $swatch_x_flags and the 'suffix' (perl), two byte padding and compares it to 255.
if swatch worked for you before (service swatch (status|stop|restart)) then this should work.
if it didn't work before, and you had lots of little swatches running, this should fix it.

I asked in ports@ and perl@ and didn't really get any good answers to this ugly hack.

(note: two options: instead of setting procname, you could 'err 1 swatch_${i}_flags too long' in rc, or you could patch
swatch to fail if cmdarg > (too long))

2) this patch will bring in File-Tail, and allow for both smaller swatch_x_flags lengths and larger ones.

- patch swatch.rc to check for buffer overflow in cmdarg with long _flags lines
- add p5-File-Tail dependency


--- swatch.patch begins here ---
Index: Makefile
===================================================================
RCS file: /home/pcvs/ports/security/swatch/Makefile,v
retrieving revision 1.31
diff -u -r1.31 Makefile
--- Makefile	21 Jan 2012 17:40:12 -0000	1.31
+++ Makefile	26 Jan 2012 19:55:30 -0000
@@ -7,7 +7,7 @@
 
 PORTNAME=	swatch
 PORTVERSION=	3.2.3
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	security sysutils
 MASTER_SITES=	SF
 
@@ -17,7 +17,8 @@
 BUILD_DEPENDS=	\
 	${SITE_PERL}/Date/Format.pm:${PORTSDIR}/devel/p5-TimeDate \
 	${SITE_PERL}/Date/Manip.pm:${PORTSDIR}/devel/p5-Date-Manip \
-	${SITE_PERL}/Date/Calc.pm:${PORTSDIR}/devel/p5-Date-Calc
+	${SITE_PERL}/Date/Calc.pm:${PORTSDIR}/devel/p5-Date-Calc \
+	${SITE_PERL}/File/Tail.pm:${PORTSDIR}/devel/p5-File-Tail
 RUN_DEPENDS:=	${BUILD_DEPENDS}
 
 PERL_CONFIGURE=	yes
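Review bot: File::Tail is a run-time requirement (the description says it replaces the default tail command), but the hunk adds it only to BUILD_DEPENDS; this works solely because the unchanged `RUN_DEPENDS:=	${BUILD_DEPENDS}` line copies the list, so the placement deserves a mention in the commit log. Listing it at build time is still useful, since it silences the `Warning: prerequisite File::Tail 0 not found.` emitted by Makefile.PL that the description quotes.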
Index: files/swatch.in
===================================================================
RCS file: /home/pcvs/ports/security/swatch/files/swatch.in,v
retrieving revision 1.7
diff -u -r1.7 swatch.in
--- files/swatch.in	14 Jan 2012 08:56:53 -0000	1.7
+++ files/swatch.in	26 Jan 2012 19:55:30 -0000
@@ -21,15 +21,20 @@
 
 name=swatch
 rcvar=swatch_enable
+# set some defaults
+: ${swatch_enable="NO"}
 
 command=%%PREFIX%%/bin/swatch
-procname=%%LOCALBASE%%/bin/perl
 
 load_rc_config ${name}
 
 if [ -n "${swatch_rules}" ]; then
     for i in ${swatch_rules}; do
 	eval swatch_flags=\$swatch_${i}_flags
+	len=`echo "0${command} ${swatch_flags} (perl)0" | wc -c`
+	if [ $len -ge 255 ];then
+	   procname=%%LOCALBASE%%/bin/perl
+	fi
 	eval swatch_user=\$swatch_${i}_user
 	eval swatch_chdir=\$swatch_${i}_chdir
 	eval pidfile=\$swatch_${i}_pidfile
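Review bot: `procname` is assigned inside the `for i in ${swatch_rules}` loop but never cleared, so once one instance's flags push `$len` past 255 every later instance in the same run also inherits `procname=%%LOCALBASE%%/bin/perl`, even when its own command line is short enough that rc.subr should match on `${command}`; add `unset procname` (or `procname=`) at the top of each iteration. Two smaller points on the new `len=` line: prefer `printf '%s'` over `echo`, because `echo` may interpret a leading `-n` or backslash escapes in user-supplied `${swatch_flags}` and skew the byte count, and quote the variable in the test (`[ "$len" -ge 255 ]`) so an empty result does not produce a syntax error.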
--- swatch.patch ends here ---
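The following is an added, stand-alone sketch of the rc.d length check the patch introduces; it is not part of the PR, the swatch port, or rc.subr. It measures the same string the patch measures (command, flags, a "(perl)" suffix and two padding bytes, compared against 255) but uses printf instead of echo and clears procname on every loop iteration so a long instance does not leak its setting into the next one. The paths, the two flag strings and the instance names are constructed for the example.

```shell
#!/bin/sh
# Added example, not the swatch port's own rc script. Paths are
# placeholders standing in for %%PREFIX%% / %%LOCALBASE%%.
command=/usr/local/bin/swatch
perl_path=/usr/local/bin/perl

# Byte length of the command line as the PR's check measures it:
# two padding bytes, the command, its flags and the "(perl)" suffix
# that appears in ps(1) output for a perl script.
cmdline_len() {
    # printf '%s' keeps echo from interpreting "-n" or backslashes in flags
    printf '%s' "0${command} $1 (perl)0" | wc -c | tr -d ' '
}

# Print the procname rc.subr should search for: the perl interpreter
# when the command line is long enough that perl truncates $0, else
# empty so the default (match on ${command}) applies.
select_procname() {
    if [ "$(cmdline_len "$1")" -ge 255 ]; then
        printf '%s\n' "$perl_path"
    else
        printf '%s\n' ""
    fi
}

# Constructed flag strings: one well under the limit, one over it.
short_flags="-c /usr/local/etc/swatchrc -t /var/log/messages"
long_flags="-c /usr/local/etc/swatchrc --tail-file=/var/log/some/very/long/directory/name/for/a/service/with/an/unusually/descriptive/log/file/name/application-server-instance-number-one-2012-01-26.log --daemon --pid-file=/var/run/swatch_instance_one.pid"

# Mirrors the patched loop over swatch_rules; procname is reset at the
# top of each iteration so instances are evaluated independently.
for i in short long; do
    procname=""
    eval flags=\$${i}_flags
    procname=$(select_procname "$flags")
    printf 'instance %s: len=%s procname=%s\n' \
        "$i" "$(cmdline_len "$flags")" "${procname:-(default)}"
done
```

Running it prints one line per instance; only the long one selects the perl interpreter as procname, which is the behaviour the patch intends for a single long instance but, without the per-iteration reset, not what the patched script delivers for a short instance that follows it.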


>Release-Note:
>Audit-Trail:
>Unformatted: