Source Code 1994 March

home *** CD-ROM | disk | FTP | other *** search

/ Source Code 1994 March / Source_Code_CD-ROM_Walnut_Creek_March_1994.iso / compsrcs / unix / volume26 / kit / pch24 < prev next >

Wrap

Text File | 1993-05-04 | 17.4 KB | 615 lines

Newsgroups: comp.sources.unix From: ram@acri.fr (Raphael Manfredi) Subject: v26i231: kit - the ultimate mailing kit, Patch24 Sender: unix-sources-moderator@efficacy.home.vix.com Approved: WhoAmI@efficacy.home.vix.com Submitted-By: ram@acri.fr (Raphael Manfredi) Posting-Number: Volume 26, Issue 231 Archive-Name: kit/pch24 [The latest patch for kit version 2.0 is #28.] System: kit version 2.0 Patch #: 24 Priority: LOW Subject: new target 'secure' for alien code detection in archive Subject: new option -d to specify directory where kits are Subject: added security checks (options -s and -S) on shell archives Subject: avoid sending an acknowledgment when -l option used Subject: (reported by Christian Bertin <bertin@acri.fr>) Subject: documents new options -d, -s and -S for unkit Subject: new file 'secure' installed in private library Date: Mon Feb 8 18:15:27 PST 1993 From: Raphael Manfredi <ram@eiffel.com> Description: Avoid sending an acknowledgment when -l option used, which is rather annoying. Besides, it is incorrect! (reported by Christian Bertin <bertin@acri.fr>) New options -d, -s and -S for unkit Unkit will now perform security checks on the shell archives, in a vaillant attempt to detect alien code which could, for instance, install trojan horses on the behalf of the user. See manual page for details. Fix: From rn, say "| patch -p -N -d DIR", where DIR is your kit source directory. Outside of rn, say "cd DIR; patch -p -N <thisarticle". If you don't have the patch program, apply the following by hand, or get patch (version 2.0, latest patchlevel). After patching: make clean # Important to update patchlevel in files Configure -d make make install If patch indicates that patchlevel is the wrong version, you may need to apply one or more previous patches, or the patch may already have been applied. See the patchlevel.h file to find out what has or has not been applied. In any event, don't continue with the patch. If you are missing previous patches they can be obtained from me: Raphael Manfredi <ram@eiffel.com> If you send a mail message of the following form it will greatly speed processing: Subject: Command @SH mailpatch PATH kit 2.0 LIST ^ note the c where PATH is a return path FROM ME TO YOU either in Internet notation, or in bang notation from some well-known host, and LIST is the number of one or more patches you need, separated by spaces, commas, and/or hyphens. Saying 35- says everything from 35 to the end. To get some more detailed instructions, send me the following mail: Subject: Command @SH mailhelp PATH Index: patchlevel.h Prereq: 23 2c2 < #define PATCHLEVEL 23 --- > #define PATCHLEVEL 24 Index: kit/unkit.SH Prereq: 2.0.1.15 *** kit/unkit.SH.old Mon Feb 8 18:15:15 1993 --- kit/unkit.SH Mon Feb 8 18:15:17 1993 *************** *** 19,27 **** # @(#) (c) E. Mogenet April 1990 # @(#) (c) R. Manfredi, 1990 1991 ! # $Id: unkit.SH,v 2.0.1.15 93/01/11 18:07:29 ram Exp $ # # $Log: unkit.SH,v $ # Revision 2.0.1.15 93/01/11 18:07:29 ram # patch22: now uses external getopt script for option parsing # patch22: fixed some typos in the help message --- 19,33 ---- # @(#) (c) E. Mogenet April 1990 # @(#) (c) R. Manfredi, 1990 1991 ! # $Id: unkit.SH,v 2.0.1.16 93/02/08 18:13:58 ram Exp $ # # $Log: unkit.SH,v $ + # Revision 2.0.1.16 93/02/08 18:13:58 ram + # patch24: new option -d to specify directory where kits are + # patch24: added security checks (options -s and -S) on shell archives + # patch24: avoid sending an acknowledgment when -l option used + # patch24: (reported by Christian Bertin <bertin@acri.fr>) + # # Revision 2.0.1.15 93/01/11 18:07:29 ram # patch22: now uses external getopt script for option parsing # patch22: fixed some typos in the help message *************** *** 119,124 **** --- 125,134 ---- decoding=hexdecode # Default decoding program preserve=yes # Preserve input files by default + secure=yes # Security checks by default + extra_secure=no # Don't be too strict + ack=yes # Acknowledgment sent if present + directory='' # Cd there before starting extraction usebtar='' # Do not use badtar key='' # Key for DES decoding *************** *** 128,146 **** # Old Bourne shells do not have functions usage=' ! echo "Usage: unkit [-bhlprV] [-k key] [file1 ... filen]"; echo " "" -b : force use of badtar ($badtar by default)."; echo " "" -h : give this help message."; echo " "" -k : set the key used for data decryption."; echo " "" -l : list files held in the kit parts."; echo " "" -p : preserve input files (default)."; echo " "" -r : remove input files if unshar succeeds."; echo " "" -V : print current version and patch-level."; exit 1 ' # Process the command line options ! eval "set X "`$libdir/getopt bhlprVk: "$@"`; shift while test $# -gt 0 do case "$1" in --- 138,159 ---- # Old Bourne shells do not have functions usage=' ! echo "Usage: unkit [-bhlprsSV] [-d dir] [-k key] [file1 ... filen]"; echo " "" -b : force use of badtar ($badtar by default)."; + echo " "" -d : cd to specified directory before starting extraction."; echo " "" -h : give this help message."; echo " "" -k : set the key used for data decryption."; echo " "" -l : list files held in the kit parts."; echo " "" -p : preserve input files (default)."; echo " "" -r : remove input files if unshar succeeds."; + echo " "" -s : skip security checks on shell-archives."; + echo " "" -S : extra secure; abort if security checks cannot be made."; echo " "" -V : print current version and patch-level."; exit 1 ' # Process the command line options ! eval "set X "`$libdir/getopt bhlprsSVd:k: "$@"`; shift while test $# -gt 0 do case "$1" in *************** *** 156,161 **** --- 169,175 ---- -h) eval $usage;; -l) tar_opt=tvf preserve=yes + ack=no shift;; -b) usebtar='true' shift;; *************** *** 162,167 **** --- 176,188 ---- -k) key="-k $2" shift shift;; + -s) secure=no + shift;; + -S) extra_secure=yes + shift;; + -d) directory="$2" + shift + shift;; --) shift break ;; *************** *** 199,204 **** --- 220,238 ---- list='' count=0 + # Go to specified directory before starting, if necessary + case "$directory" in + '') ;; + *) + if cd $directory; then + : ok + else + echo "unkit: cannot cd to $directory." >&2 + exit 1 + fi + ;; + esac + for file in $*; do # Use perl if possible, as it does not have this stupid awk limitation # about the maximum number of opened files. However, I want this to *************** *** 283,299 **** ;; esac # Loop over each identified kit part and unshar it for i do # The command expects "$a" to be the parameter. ! eval "a=$i; $unshar_cmd" && ! (test $preserve = no && rm $i) done # Clean up extracted parts (save disk space before tar extraction) rm -f zag.[tx][mt]* # Now check for file names to find how to decode if test -f z[ace][gbc].ba.aa -a ! -f ark*isdone then --- 317,379 ---- ;; esac + # Security checks need perl, unfortunately. + if (perl -v) >/dev/null 2>&1; then + : nothing + else + secure=no + case "$extra_secure" in + yes) + echo "unkit: cannot perform security checks (perl not found)." >&2 + rm -f zag.[tx][mt]* + exit 1 + ;; + esac + fi + # Loop over each identified kit part and unshar it + unsecure='' for i do + # Ensure archive does not contain any alien code. + run_unshar=yes + case "$secure" in + yes) + if perl $libdir/secure $i; then + : ok + else + echo "unkit: skipping unsecure shell archive $i (for now)." >&2 + unsecure="$unsecure $i" + run_unshar=no + fi + ;; + esac + # The command expects "$a" to be the parameter. ! case "$run_unshar" in ! yes) ! eval "a=$i; $unshar_cmd" && ! (test $preserve = no && rm $i) ! ;; ! esac done # Clean up extracted parts (save disk space before tar extraction) rm -f zag.[tx][mt]* + # Should unsecure parts have been found, signal it again and abort + case "$unsecure" in + '') ;; + *) + echo "unkit: the following parts are unsecure:" >&2 + set X $unsecure + shift + echo $* | tr ' ' '\012' | sed -e 's/^/ /' >&2 + echo "unkit: aborting." >&2 + exit 1 + ;; + esac + # Now check for file names to find how to decode if test -f z[ace][gbc].ba.aa -a ! -f ark*isdone then *************** *** 330,336 **** eval "$tarcmd" && status=0 # Send acknowledgment only when unpacking was successful. ! if test -f zzz.ack -a $status -eq 0; then sender=`cat zzz.ack` subject=`cat zzz.subject` echo "Sending acknowledgment to $sender..." --- 410,416 ---- eval "$tarcmd" && status=0 # Send acknowledgment only when unpacking was successful. ! if test $ack = 'yes' -a -f zzz.ack -a $status -eq 0; then sender=`cat zzz.ack` subject=`cat zzz.subject` echo "Sending acknowledgment to $sender..." Index: man/kit.SH Prereq: 2.0.1.11 *** man/kit.SH.old Mon Feb 8 18:15:21 1993 --- man/kit.SH Mon Feb 8 18:15:22 1993 *************** *** 18,26 **** .TH KIT $manext "Version $VERSION PL$PATCHLEVEL" ''' @(#) Manual page for mailing kit -- (c) ram July 1990 ''' ! ''' $Id: kit.SH,v 2.0.1.11 93/01/11 18:08:33 ram Exp $ ''' ''' $Log: kit.SH,v $ ''' Revision 2.0.1.11 93/01/11 18:08:33 ram ''' patch22: manual page now carries version number and patchlevel ''' patch22: added OPTIONS section for quick reference --- 18,30 ---- .TH KIT $manext "Version $VERSION PL$PATCHLEVEL" ''' @(#) Manual page for mailing kit -- (c) ram July 1990 ''' ! ''' $Id: kit.SH,v 2.0.1.12 93/02/08 18:14:56 ram Exp $ ''' ''' $Log: kit.SH,v $ + ''' Revision 2.0.1.12 93/02/08 18:14:56 ram + ''' patch24: documents new options -d, -s and -S for unkit + ''' patch24: new file 'secure' installed in private library + ''' ''' Revision 2.0.1.11 93/01/11 18:08:33 ram ''' patch22: manual page now carries version number and patchlevel ''' patch22: added OPTIONS section for quick reference *************** *** 85,91 **** \fBmailkit\fR [ \fB\-EFVcefhp\fR ] [ \fB\-l\fI file\fR ] [ \fB\-n\fI partname\fR ] \fItitle\fR [ \fIaddress(es)\fR ] .sp ! \fBunkit\fR [ \fB\-bhlprV\fR ] [ \fB\-k\fI key\fR ] [ \fIfiles\fR ] .SH DESCRIPTION ''' ''' Kit --- 89,96 ---- \fBmailkit\fR [ \fB\-EFVcefhp\fR ] [ \fB\-l\fI file\fR ] [ \fB\-n\fI partname\fR ] \fItitle\fR [ \fIaddress(es)\fR ] .sp ! \fBunkit\fR [ \fB\-bhlprsSV\fR ] [\fB\-d\fI dir\fR ] ! [ \fB\-k\fI key\fR ] [ \fIfiles\fR ] .SH DESCRIPTION ''' ''' Kit *************** *** 244,249 **** --- 249,264 ---- specify the key to be used by DES. If you do not supply it, DES will prompt you on the terminal. .PP + By default, \fIunkit\fR will perform security checks on the shell archives + (if \fIperl\fR is available) to detect alien code. It will skip those parts + containing suspicious code which should not be part of the archive. You may + explicitely skip those checks by using the \fB\-s\fR option, which should be + used only when \fIunkit\fR input can be reliably trusted. Unfortunately, the + script used to make those checks is written in \fIperl\fR, so nothing will + happen if \fIperl\fR is not in your PATH. The \fB\-S\fR option will make kit + abort with an error if it is unable to perform security checks due to the + absence of \fIperl\fR. + .PP For all of these commands, option \fB\-V\fR prints the version number with the current patch level and exits, while \fB\-h\fR gives a little help message with the syntax and the meaning of the options. *************** *** 391,396 **** --- 406,416 ---- .PP \fIUnkit\fR uses the following options: .TP 15 + .B \-S + Complain loudly and abort if \fIperl\fR is not found, since that would make + it impossible to check each kit part for possible alien code before running + them through the shell. + .TP .B \-V Print version number and patchlevel. .TP *************** *** 397,402 **** --- 417,425 ---- .B \-b Force usage of \fIbadtar\fR. .TP + .B \-d\fI dir + Go to \fIdir\fR before starting extraction. + .TP .B \-h Print usage and option summary. .TP *************** *** 410,415 **** --- 433,442 ---- .TP .B \-r Remove input files if unshar succeeds. + .TP + .B \-s + Force skipping of security checks, which are conducted only if \fIperl\fR is + available in your PATH. .SH FILES .PD 0 .TP 15 *************** *** 451,456 **** --- 478,486 ---- .TP $privlib/rshar a simple shell archive maker. + .TP + $privlib/secure + security checks (detection of alien code) in kit archives. .PD .SH ENVIRONMENT The following environment variables are paid attention to by \fImailkit\fR. If Index: kit/secure *** kit/secure.old Mon Feb 8 18:15:11 1993 --- kit/secure Mon Feb 8 18:15:12 1993 *************** *** 0 **** --- 1,78 ---- + #!/usr/bin/perl + + # $Id: secure,v 2.0.1.1 93/02/08 18:12:21 ram Exp $ + # + # $Log: secure,v $ + # Revision 2.0.1.1 93/02/08 18:12:21 ram + # patch24: created + # + + # Scan shell archive (the subset used by kit) and determines if it contains + # alien code which could be a virus of some sort and infect the machine or + # the user's account when ran through a shell. + # Unfortunately, perl is needed to make those checks. + # + # This program knows about the format of shell archives created by cshar or + # makeshar, for kit purposes. We know for instance there will never be a + # need for mkdir. + + while (<>) { + m|^#! /bin/sh| && ($in = 1) && next; + next unless $in; # Not in archive yet + chop; + /^END_OF_FILE$/ && (($file = 0) || next); + next if $file; # Inside file extraction + s/^\s+//; # Strip leading blanks + /^#/ && next; # Shell comment + /^$/ && next; # Blank line + $scanned = $_; # Save current line before modifications + if (/^sed/) { # Must be file extraction + $file = 1; + next if + m|^sed\s+['"]s/\^X//['"]\s*>\s*'?[\w.]+'?\s*<<\s*'END_OF_FILE'$|; + &error; + } elsif (s/^PATH=(.*); export PATH$/$1/) { + &strong_check; + } elsif (/^fi/ || /^else/ || /^exit/ || /^done/) { + &loose_check; + } elsif (/^echo/) { + s/\\\\/\01/g; # \\ -> ^A + s/\\.//g; # Remove escaped characters + s/\01/\\/; # ^A -> \ (forbidden anyway) + &echo_check; + } elsif (s/^if (.*); then\s*$/$1/) { + next if /^test -f '[\w.]+' -a "\$\{1\}\" != "-c"\s*$/; + next if /^test \d+ -ne `wc -c <\s*'[\w.]+'`\s*$/; + next if /^test ! -f ark\$\{i\}isdone\s*$/i; + next if /^test "\$\{missing\}" = ""\s*$/i; + &error; + } elsif (s/^rm //) { + next if /^-f ark\[1-9\]isdone$/; + &error; + } elsif (s/^cp //) { + next if m|^/dev/null ark\d+isdone$|; + &error; + } elsif (s/^chmod //) { + next if m|^\+x '[\w.]+'$|; + &erorr; + } elsif (s/^for (.*); do\s*$/$1/) { + &loose_check; + } else { + next if /^missing="(\$\{missing\}\s+\$\{i\})?"$/i; + &error; + } + } + + exit($errors ? 1 : 0); # Exit status (0 means ok) + + # Unsafe operation was detected + sub error { + print STDERR "unkit: \"$ARGV\", suspicious line $.: $scanned\n"; + $errors++; + } + + # Check arguments to echo (no fear for () or {} subshells for instance), etc... + sub echo_check { &error if /[&^*[`\\|;><?]/; } + sub loose_check { &error if /[&^*([{}`\\|;><?]/; } + sub strong_check { &error if /[=\$^&*([{}`\\|;><?]/; } + Index: kit/Makefile.SH Prereq: 2.0.1.7 *** kit/Makefile.SH.old Mon Feb 8 18:15:09 1993 --- kit/Makefile.SH Mon Feb 8 18:15:09 1993 *************** *** 18,26 **** # Makefile for kit (sub-directory kit) # ! # $Id: Makefile.SH,v 2.0.1.7 93/01/11 18:04:13 ram Exp $ # # $Log: Makefile.SH,v $ # Revision 2.0.1.7 93/01/11 18:04:13 ram # patch22: new getopt target # --- 18,29 ---- # Makefile for kit (sub-directory kit) # ! # $Id: Makefile.SH,v 2.0.1.8 93/02/08 18:12:09 ram Exp $ # # $Log: Makefile.SH,v $ + # Revision 2.0.1.8 93/02/08 18:12:09 ram + # patch24: new target 'secure' for alien code detection in archive + # # Revision 2.0.1.7 93/01/11 18:04:13 ram # patch22: new getopt target # *************** *** 56,63 **** !GROK!THIS! $spitshell >>Makefile <<'!NO!SUBS!' bin = kit mailkit unkit ! lib = minikit range getopt ! scripts = $(bin) $(lib) scriptsh = kit.SH mailkit.SH unkit.SH minikit.SH added = Makefile config.sh --- 59,68 ---- !GROK!THIS! $spitshell >>Makefile <<'!NO!SUBS!' bin = kit mailkit unkit ! libsh = minikit range getopt ! lib = secure ! scripts = $(bin) $(libsh) $(lib) ! scriptmade = $(bin) $(libsh) scriptsh = kit.SH mailkit.SH unkit.SH minikit.SH added = Makefile config.sh *************** *** 87,98 **** ../install -m 755 $$file $(binsh); \ done ../install -d $(libdir) ! -for file in $(lib); do \ ../install -m 755 $$file $(libdir); \ done clean: ! $(RM) -f $(scripts) realclean clobber: clean $(RM) -f $(added) --- 92,103 ---- ../install -m 755 $$file $(binsh); \ done ../install -d $(libdir) ! -for file in $(libsh) $(lib); do \ ../install -m 755 $$file $(libdir); \ done clean: ! $(RM) -f $(scriptmade) realclean clobber: clean $(RM) -f $(added) Index: MANIFEST *** MANIFEST.old Mon Feb 8 18:15:25 1993 --- MANIFEST Mon Feb 8 18:15:25 1993 *************** *** 30,35 **** --- 30,36 ---- kit/mailkit.SH Mails parts generated by "kit" kit/minikit.SH The minikit script for kit extraction kit/range.SH Run range expansion within specified bound + kit/secure Alien code detector for kit archives kit/unkit.SH Reversal of "kit" man/Makefile.SH Makefile for manual pages man/atob.SH Manual page for "atob" *** End of Patch 24 ***