fix pts mem vulnerability, with new -encrypt option

svn path=/trunk/packages/invirt-web/; revision=1947

diff --git a/code/getafsgroups.py b/code/getafsgroups.py
index 13f8cf7..a35a4f1 100644 (file)
--- a/code/getafsgroups.py
+++ b/code/getafsgroups.py
@@ -28,7 +28,7 @@ class AfsProcessError(Exception):
     pass
 
 def getAfsGroupMembers(group, cell):
     pass
 
 def getAfsGroupMembers(group, cell):

-    p = subprocess.Popen(["pts", "membership", "-noauth", group, '-c', cell], 
+    p = subprocess.Popen(["pts", "membership", "-encrypt", group, '-c', cell],

                          stdout=subprocess.PIPE, stderr=subprocess.PIPE)
     err = p.stderr.read()
     if err: #Error code doesn't reveal missing groups, but stderr does
                          stdout=subprocess.PIPE, stderr=subprocess.PIPE)
     err = p.stderr.read()
     if err: #Error code doesn't reveal missing groups, but stderr does

diff --git a/config.todo b/config.todo
index a1f921c..b95a341 100644 (file)
--- a/config.todo
+++ b/config.todo
@@ -4,6 +4,7 @@ code/Makefile: base URI
 # may differ dev/prod?
 files/etc/apache2/sites-available/default: assumes trac
 files/etc/init.d/apache2.invirt: afs cell (for svn)
 # may differ dev/prod?
 files/etc/apache2/sites-available/default: assumes trac
 files/etc/init.d/apache2.invirt: afs cell (for svn)

+invirt-cache-acls: aklog athena sipb

 code/templates/error.tmpl: xvm@mit.edu
 code/templates/help.tmpl: assumes trac
 code/templates/list.tmpl: XVM
 code/templates/error.tmpl: xvm@mit.edu
 code/templates/help.tmpl: assumes trac
 code/templates/list.tmpl: XVM

diff --git a/debian/changelog b/debian/changelog
index 55a5caa..f7ad007 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,9 +1,12 @@
 invirt-web (0.0.16) unstable; urgency=low
 
 invirt-web (0.0.16) unstable; urgency=low
 

+  * Fix a security vulnerability: traditional `pts mem` is in cleartext
+    and could be spoofed.  Use new -encrypt option, which needs tokens.
+

   * make initscript stop command not leave apache2 processes lying around
     (so that restart works)
 
   * make initscript stop command not leave apache2 processes lying around
     (so that restart works)
 

- -- Greg Price <price@mit.edu>  Fri, 19 Dec 2008 22:34:31 -0500
+ -- Greg Price <price@mit.edu>  Tue, 30 Dec 2008 17:31:48 -0500

 
 invirt-web (0.0.15) unstable; urgency=low
 
 
 invirt-web (0.0.15) unstable; urgency=low
 

diff --git a/debian/invirt-web.cron.d b/debian/invirt-web.cron.d
index f1ef598..a27fb7b 100644 (file)
--- a/debian/invirt-web.cron.d
+++ b/debian/invirt-web.cron.d
@@ -5,4 +5,4 @@
 
 MAILTO=root
 
 
 MAILTO=root
 

-*/5 * * * * www-data python /var/www/invirt-web/cache_acls.py
+*/5 * * * * www-data invirt-cache-acls

diff --git a/debian/invirt-web.install b/debian/invirt-web.install
index 9da31b3..a06ff56 100644 (file)
--- a/debian/invirt-web.install
+++ b/debian/invirt-web.install
@@ -1 +1,2 @@
 files/* .
 files/* .

+invirt-cache-acls /usr/bin/

diff --git a/invirt-cache-acls b/invirt-cache-acls
new file mode 100755 (executable)
index 0000000..19673a7
--- /dev/null
+++ b/invirt-cache-acls
@@ -0,0 +1,4 @@
+#!/bin/sh
+kinit -k -t /etc/invirt/keytab daemon/$(hostname -f)
+aklog athena sipb
+python /var/www/invirt-web/cache_acls.py