[Kolab-devel] Secure handling of Templates.pm

Bernhard Reiter bernhard at intevation.de
Tue May 18 12:18:21 CEST 2004


On Thursday 13 May 2004 15:23, Stuart Bingë wrote:
> On Thursday 13 May 2004 15:11, cvs at intevation.de wrote:
> > Modified Files:
> > 	Templates.pm
> > Log Message:
> > New file permission handling. This should fix the security
> > vulnerabilities that we've been experiencing
>
> This change allows you to specify the owner and uid/gid of the template
> file in the metadata header. The new meta variables (mvars) are
> 'file_perms', 'file_uid' and 'file_gid'. file_perms defaults to 0644,
> whereas file_uid and file_gid default to the 'kolab' users' uid/gid.
>
> I've updated slapd.conf to utilise this new functionality - it now has
> file_perms set to 0600.
>
> I would appreciate it if someone who is familiar with these sorts of
> security issues to look over my code and check if it's correct. Basically
> what I do is as follows:

Cannot say much about it without deep analysis.
Anybody else?
Did you look at the Erfrakon solution for Kolab 1.0.x?
How does your solution compare to it?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2145 bytes
Desc: signature
URL: <http://lists.kolab.org/pipermail/devel/attachments/20040518/446e5fc9/attachment.p7s>


More information about the devel mailing list