Author: rmeggins
Update of /cvs/dirsec/adminserver/admserv/cgi-src40 In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7894/adminserver/admserv/cgi-src40
Modified Files: Tag: Directory_Server_8_0_Branch repl-monitor-cgi.pl.in Log Message: Resolves: bugs 437301 and 437320 Description: Directory Server: shell command injection in CGI replication monitor Directory Server: unrestricted access to CGI scripts Fix Description: remove ScriptAlias for bin/admin/admin/bin - do not use that directory for CGI URIs - use only protected URIs for CGIs requiring authentication Remove most CGI parameters from repl-monitor-cgi.pl - user must supply replmon.conf in the admin server config directory instead of passing in this pathname - repl-monitor-cgi.pl does not use system to call repl-monitor.pl, it "includes" that script (using perl import). Platforms tested: all supported platforms Flag Day: no Doc impact: release notes are available
Index: repl-monitor-cgi.pl.in
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/repl-monitor-cgi.pl.in,v
retrieving revision 1.1
retrieving revision 1.1.2.1
diff -u -r1.1 -r1.1.2.1
--- repl-monitor-cgi.pl.in 5 Sep 2007 16:45:59 -0000 1.1
+++ repl-monitor-cgi.pl.in 15 Apr 2008 16:44:35 -0000 1.1.2.1
@@ -42,22 +42,25 @@
my $query = CGI->new;
-$params = "";
-$params .= " -h " . $query->url_param('servhost') if $query->url_param('servhost');
-$params .= " -p " . $query->url_param('servport') if $query->url_param('servport');
-$params .= " -f " . $query->url_param('configfile') if $query->url_param('configfile');
-$params .= " -t " . $query->url_param('refreshinterval') if $query->url_param('refreshinterval');
-if ($query->url_param('admurl')) {
- $admurl = $query->url_param('admurl');
- if ( $ENV{'QUERY_STRING'} ) {
- $admurl .= "?$ENV{'QUERY_STRING'}";
- }
- elsif ( $ENV{'CONTENT_LENGTH'} ) {
- $admurl .= "?$CGI::CONTENT";
- }
- $params .= " -u "$admurl"";
+@ARGV = (); # clear it out
+my $configfile;
+if ($ENV{DS_CONFIG_DIR} and -d $ENV{DS_CONFIG_DIR}) {
+ $configfile = "$ENV{DS_CONFIG_DIR}/@instancename@/replmon.conf";
+} elsif ("@instconfigdir@" and -d "@instconfigdir@") {
+ $configfile = "@instconfigdir@/replmon.conf";
 }
+push @ARGV, '-f', $configfile;
+
+my $refreshinterval = $query->url_param('refreshinterval') ? int($query->url_param('refreshinterval')) : "300";
+push @ARGV, '-t', $refreshinterval;
+
+my $admurl = "http://";
+if ($ENV{HTTPS} and (lc($ENV{HTTPS}) eq "on")) {
+ $admurl = "https://";
+}
+$admurl .= $ENV{HTTP_HOST} . $ENV{SCRIPT_NAME} . "?refreshinterval=$refreshinterval";
+push @ARGV, '-u', $admurl;
+
 # Now the real work
-$replmon = "@bindir@/repl-monitor.pl";
-system("$replmon $params");
+require "@bindir@/repl-monitor.pl";
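Review bot: `$admurl` is now assembled from `$ENV{HTTP_HOST}`, which is the client-supplied Host header, and handed to repl-monitor.pl as the `-u` value. How that script emits the value is not visible here, so if it lands unescaped in a refresh target or link, request data still reaches the generated page. Validate the header before use, for example `die "invalid Host header\n" unless defined $ENV{HTTP_HOST} and $ENV{HTTP_HOST} =~ /\A[A-Za-z0-9.-]+(?::\d+)?\z/;`, or build the URL from server-side configuration instead. Separately, `$configfile` stays undefined when neither config directory exists, so `push @ARGV, '-f', $configfile;` passes undef to the included script; a guard such as `die "replmon.conf directory not found\n" unless defined $configfile;` before the push would make that failure explicit.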