OpenPKG Specs / file revision

openldap/openldap.patch@0ba300bdf30a

openldap/openldap.patch

Mon, 20 Apr 2009 19:22:00 +0200

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Mon, 20 Apr 2009 19:22:00 +0200
changeset 178
0ba300bdf30a
child 380
4f3b1ee715dd
permissions
-rw-r--r--

Change unfortunate but partly useful overreaching security tradeoff.
The principle of allocating each running process an individual system
user and group can have security benefits, however maintining a plethora
of users, groups, processes, file modes, file permissions, and even
nonportable file ACLs on a host serving from a hundred processes has
some security disadvantages. This tradeoff is even worse for systems
like OpenPKG which benefit from administration transparency through the
use of minimal system intrusion and only three usage privilege levels.

     1 Index: include/ac/fdset.h

     2 --- include/ac/fdset.h.orig	2008-02-12 00:26:40 +0100

     3 +++ include/ac/fdset.h	2008-10-13 11:38:23 +0200

     4 @@ -22,6 +22,13 @@

     5  #ifndef _AC_FDSET_H

     6  #define _AC_FDSET_H

     7  

     8 +#if defined(HAVE_SYS_TYPES_H)

     9 +#include <sys/types.h>

    10 +#endif

    11 +#if defined(HAVE_SYS_SELECT_H)

    12 +#include <sys/select.h>

    13 +#endif

    14 +

    15  #if !defined( OPENLDAP_FD_SETSIZE ) && !defined( FD_SETSIZE )

    16  #  define OPENLDAP_FD_SETSIZE 4096

    17  #endif

    18 Index: include/ldap_int_thread.h

    19 --- include/ldap_int_thread.h.orig	2008-02-12 00:26:40 +0100

    20 +++ include/ldap_int_thread.h	2008-10-13 11:38:23 +0200

    21 @@ -100,6 +100,7 @@

    22   *                                 *

    23   ***********************************/

    24  

    25 +#define _POSIX_PTHREAD_SEMANTICS

    26  #define PTH_SYSCALL_SOFT 1

    27  #include <pth.h>

    28  

    29 Index: libraries/libldap_r/tpool.c

    30 --- libraries/libldap_r/tpool.c.orig	2008-03-21 01:46:03 +0100

    31 +++ libraries/libldap_r/tpool.c	2008-10-13 11:38:23 +0200

    32 @@ -950,6 +950,6 @@

    33  {

    34  	ldap_int_thread_userctx_t *ctx = vctx;

    35  

    36 -	return ctx->ltu_id;

    37 +	return ctx != NULL ? ctx->ltu_id : 0;

    38  }

    39  #endif /* LDAP_THREAD_HAVE_TPOOL */

    40 Index: servers/slapd/back-perl/config.c

    41 --- servers/slapd/back-perl/config.c.orig	2008-02-12 00:26:47 +0100

    42 +++ servers/slapd/back-perl/config.c	2008-10-13 11:38:23 +0200

    43 @@ -49,6 +49,9 @@

    44  		}

    45  

    46  #ifdef PERL_IS_5_6

    47 +		if (argc > 2)

    48 +		    snprintf( eval_str, EVAL_BUF_SIZE, "require \"%s\";", argv[2] );

    49 +		else

    50  		snprintf( eval_str, EVAL_BUF_SIZE, "use %s;", argv[1] );

    51  		eval_pv( eval_str, 0 );

    52

Mercurial Repository: OpenPKG Specs

Europalab SCM Repository Server

mercurial