jantypas@hope.UUCP (John Antypas) (10/30/86)
Rather than repost the entire thing, here is one more file to change
which makes things a bit more secure. Replace commands.c with this
file:
# include <stdio.h>
# include "typedefs.h"
# include "globals.h"
# include "string2.h"
FILE *popen();
/*
* Check command to see if it's OK
*/
ok_command(line)
char line[];
{
int i;
char *c;
c = line;
while (*c != ';') c++;
*c = '\0';
for (i=0; i<=num_cmds; i++)
{
if ((strindex(line,comlist[i]) != -1) &&
(strcmp(line,"") != 0))
{
return(0);
}
}
return(-1);
}
/*
* Commands.c -- Does @ checking
*
* Called by check_commands()
*
*/
do_command(line)
char line[];
{
char *c;
FILE *fp, *fopen();
char name[80];
char buffer[80], buffer2[80];
int proc_id, result;
int status;
char comline[80];
line[strlen(line)-1] = '\0';
if (strncmp(line,"@RR",3) == 0)
{
sprintf(namet,"/usr/ucb/Mail -s \"Return Receipt\" %s",fromline);
fp = popen(namet,"w");
fprintf(fp,"\nHere is the return receipt you requested.\n\n");
pclose(fp);
}
if ((strncmp(line,"@SH",3) == 0) &&
(strcmp(subline,"Command") == 0))
{
c = line; c += 4;
strcpy(buffer,c);
buffer[strlen(buffer)+1] = '\0';
buffer[strlen(buffer)] = ';';
if (ok_command(buffer) == 0)
{
sprintf(buffer2,"%s | /usr/ucb/Mail -s",buffer);
sprintf(buffer2,"%s \"%s\" %s",buffer2,line,fromline);
proc_id = fork();
if (proc_id == 0)
{ execlp("/bin/sh","sh","-c",buffer2,(char *)0); }
wait(&status);
} else
{
sprintf(namet,"/usr/ucb/Mail -s \"MEP\" %s",fromline);
fp = popen(namet,"w");
fprintf(fp,"\nYou do not have access to the command:\n");
fprintf(fp,"\n%s\n",buffer);
pclose(fp);
}
}
}
check_commands()
{
FILE *md, *fopen();
char buffer[512];
md = fopen(namem,"r");
fgets(buffer,512,md);
while (!feof(md))
{
if (buffer[0] == '@') do_command(buffer);
fgets(buffer,512,md);
}
fclose(md);
}