tags 415116 +patch Thankyou This is simply a diff between 3.1.3 and 3.1.4 with the patch from the .diff.gz. It fixes the problem whereby a specially-created file in /tmp could allow arbitrary deletion of files, because the for loops broke the output of find up into space-delimited words.
The upstream changes are at [1]. It also adds the 'Files from cancelled imports' check, which may or may not be appropriate for a security fix.
[1] http://cvs.horde.org/diff.php?r1=1.1.12.1&r2=1.1.12.2&f=horde%2Fscripts%2Ftemp-cleanup.cron
--- horde3-3.1.3/scripts/temp-cleanup.cron 2007-03-24 22:15:09.000000000 +1100
+++ horde-3.1.4/scripts/temp-cleanup.cron 2007-03-24 22:35:08.000000000 +1100
@@ -24,26 +24,19 @@
 echo ${TMP_DIR:=/tmp} > /dev/null

 # MSWord attachments (generated by the MSword viewer)
-for MSWORD_FILE in `find $TMP_DIR -type f -name msword\* -ctime +2 `; do
- rm -f $MSWORD_FILE
-done
+find $TMP_DIR -type f -name msword\* -ctime +2 -exec rm -f {} \;

 # IMP attachments
-for IMP_FILE in `find $TMP_DIR -type f -name impatt\* -ctime +2 `; do
- rm -f $IMP_FILE
-done
+find $TMP_DIR -type f -name impatt\* -ctime +2 -exec rm -f {} \;

 # Klutz temporary files
-for KLUTZ_FILE in `find $TMP_DIR -type f -name Klutz\* -ctime +2 `; do
- rm -f $KLUTZ_FILE
-done
+find $TMP_DIR -type f -name Klutz\* -ctime +2 -exec rm -f {} \;

 # Spell checking temporary files
-for SPELL_FILE in `find $TMP_DIR -type f -name spell\* -ctime +2 `; do
- rm -f $SPELL_FILE
-done
+find $TMP_DIR -type f -name spell\* -ctime +2 -exec rm -f {} \;

 # VFS temporary files
-for IMP_FILE in `find $TMP_DIR -type f -name vfs\* -ctime +2 `; do
- rm -f $IMP_FILE
-done
+find $TMP_DIR -type f -name vfs\* -ctime +2 -exec rm -f {} \;
+
+# Files from cancelled imports
+find $TMP_DIR -type f -name import\* -ctime +2 -exec rm -f {} \;

-- Paul "TBBle" Hampson, [EMAIL PROTECTED] Shorter .sig for a more eco-friendly paperless office.
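Review bot: The six rewritten `find` lines still hand each match to `rm` by its full path, so in a world-writable `$TMP_DIR` the path can change between find's test and the `rm` call, and `$TMP_DIR` itself is left unquoted. The match is also broader than a Horde cleanup needs: it recurses into subdirectories and is not restricted by owner, which matters most for the new and very generic `import\*` pattern. A tighter form for each line would be `find "$TMP_DIR" -maxdepth 1 -type f -user "$HORDE_USER" -name 'import*' -ctime +2 -delete`, where `HORDE_USER` is a placeholder for the web-server account (nothing on this page defines it) and `-maxdepth`/`-delete` assume GNU or BSD find; drop `-maxdepth 1` if Horde really writes into subdirectories. The hunk starts at line 24 of the script, so the account the cron job runs as is not visible here and should be checked before relying on the owner filter.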