I'm NMUing the package with the attached diff. -- see shy jo
diff -ur old/zhcon-0.2.3/debian/changelog zhcon-0.2.3/debian/changelog
--- old/zhcon-0.2.3/debian/changelog 2005-01-26 15:13:58.000000000 -0500
+++ zhcon-0.2.3/debian/changelog 2005-01-26 15:11:30.000000000 -0500
@@ -1,3 +1,11 @@
+zhcon (1:0.2.3-8.1) unstable; urgency=HIGH
+
+ * NMU
+ * Forward ported patch from security team to prevent unauthorised file
+ access [src/configfile.cpp, CAN-2005-0072]. Closes: #292210
+
+ -- Joey Hess <[EMAIL PROTECTED]> Wed, 26 Jan 2005 15:10:36 -0500
+
 zhcon (1:0.2.3-8) unstable; urgency=low

 * patch for gcc-3.4. (closes:Bug#264151)
diff -ur old/zhcon-0.2.3/src/configfile.cpp zhcon-0.2.3/src/configfile.cpp
--- old/zhcon-0.2.3/src/configfile.cpp 2002-05-11 23:58:26.000000000 -0400
+++ zhcon-0.2.3/src/configfile.cpp 2005-01-26 15:12:46.000000000 -0500
@@ -19,13 +19,23 @@
 #include <stdexcept>
 #include <fstream>
 #include <cstdlib>
+#include <unistd.h>
+#include <sys/types.h>
 #include "configfile.h"

 ConfigFile::ConfigFile(const char *fn) {
+ uid_t ruid, euid;
+
+ ruid = getuid();
+ euid = geteuid();
+
+ setreuid(euid, ruid);
+
 ifstream in(fn);
 if (!in)
 throw runtime_error("Could not open config file!");
 ParseFile(in);
+ setreuid(ruid, euid);
 }

 ConfigFile::~ConfigFile() {}
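Review bot: Both `setreuid()` calls in ConfigFile::ConfigFile ignore their return value, so if the first swap fails the file named by `fn` is still opened with the elevated effective uid, which is the access this patch is meant to prevent. The exception paths (the open failure, and any exception ParseFile may raise) also leave the constructor before `setreuid(ruid, euid)` runs, so the process carries on with its real and effective uid swapped. I would check both calls and restore the ids on the exception path, as sketched below. Whether the group ids need the same treatment depends on how the binary is installed, which the hunk does not show.

```cpp
ConfigFile::ConfigFile(const char *fn) {
    const uid_t ruid = getuid();
    const uid_t euid = geteuid();

    // Read the file with the invoking user's uid; refuse to continue if the swap fails.
    if (setreuid(euid, ruid) != 0)
        throw runtime_error("Could not switch uid to read config file!");
    try {
        // … unchanged: open fn, throw on open failure, ParseFile(in) …
    } catch (...) {
        // Put the ids back before the error propagates to the caller.
        setreuid(ruid, euid);
        throw;
    }
    if (setreuid(ruid, euid) != 0)
        throw runtime_error("Could not restore uid after reading config file!");
}
```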