Message-Id: <200003061058.TAA03889@koga.do.mms.mt.nec.co.jp>
To: doc-jp@jp.freebsd.org
In-Reply-To: <200003031957.EAA24619@mail.geocities.co.jp>
References: <20000301192626.9550037C2BB@hub.freebsd.org>
	<200003031957.EAA24619@mail.geocities.co.jp>
Date: Mon, 06 Mar 2000 19:58:53 +0900 (JST)
From: Koga Youichirou <y-koga@jp.freebsd.org>
Subject: [doc-jp 7131] Re: ANNOUNCE: FreeBSD Security Advisory:
 FreeBSD-SA-00:06.htdig

Hiroki Sato <hrs@geocities.co.jp>:
>  It is a little late, but here is the Japanese translation of SA-00:06.htdig.

Clap, clap, clap ☆

> =============================================================================
> FreeBSD-SA-00:06                                           Security Advisory
>                                                                 FreeBSD, Inc.
> 
> トピック:       htdig port allows remote reading of files
… (snip) …
> FreeBSD の固有か:   NO

s/の/に/

> II.  Problem Description - 問題の詳細
> 
> There is a security hole in the htsearch cgi-bin program for versions of
> htdig prior to 3.1.5, which allows remote users to read any file on the
> local system that is accessible to the user ID running htsearch (usually
> the user ID running the webserver process, user 'nobody' in the default
> installation of apache).
> 
> バージョン 3.1.5 以前の htdig に含まれる htsearch cgi-bin プログラムには,
> セキュリティ上の弱点が存在します.

The original is worded that way, but "cgi-bin program" is odd, isn't it?
How about something like 「htdig に含まれる htsearch という CGI プログラムには」
("the CGI program called htsearch that is included in htdig")?

Also, rather than 「セキュリティ上の弱点」 ("security weakness"), I think
「セキュリティホール」 ("security hole") as it stands is fine.

> III. Impact - 影響範囲
… (snip) …
> If you have, then local or remote users who can connect
> to a web server which contains the htsearch cgi-bin executable can read
> any file on your system which is accessible to the user running the
> htsearch process (typically user nobody).
> もしインストールしているなら, htsearch cgi-bin が実行可能に設定されている
> ウェブサーバに接続できるローカルおよびリモートユーザは,
> htsearch プロセス実行時のユーザ(通常は nobody ユーザ)権限で
> アクセスできる, システム上のすべてのファイルを読み出すことができます.

Let's fix "cgi-bin" here as well.

# At the part that says 通常は nobody ("usually nobody"), I am seized by
# the urge to butt in with "that's a lie."

> IV.  Workaround - 対応策
> 
> Remove the /usr/local/share/apache/cgi-bin/htsearch file, if you do not
> make use of it.
> 
> 必要でなければ,
> /usr/local/share/apache/cgi-bin/htsearch というファイルを削除して下さい.

Hmm, this somehow makes me want to add a translator's note.

First, this path is quite a mystery. It appears to differ from the
standard install location of this port.

Also, telling people to delete the file is heavy-handed; doing that
leaves things inconsistent with the package database. I think it is
enough to drop the permissions so that it cannot be executed (and, since
it would also be a problem if someone copied it and made it executable in
their own user area, so that it cannot be read either… well, local users
can bring in anything dangerous anyway).
----
Koga Youichirou
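
The permission-based alternative suggested in the message above, as an added example that is not part of the original mail or of the advisory: it clears every mode bit on the CGI binary instead of deleting it, so the file recorded in the package database still exists, and then verifies the result. The function names are hypothetical, and the path is supplied by the operator because the message notes that the advisory's path may not match the port's actual install location.

```shell
#!/bin/sh
# Added example: neutralise a CGI binary by removing its permission bits
# rather than deleting the file that the package database lists.

# perm_bits FILE: print the nine permission characters from ls -ld
# (works with both BSD and GNU userlands, unlike stat(1) format flags).
perm_bits() {
    ls -ld -- "$1" | cut -c2-10
}

# cgi_exposed FILE: succeed if any read, execute or setuid/setgid/sticky
# bit is still set for owner, group or other.
cgi_exposed() {
    case "$(perm_bits "$1")" in
        *[rxsStT]*) return 0 ;;
        *)          return 1 ;;
    esac
}

# disable_cgi FILE: clear all mode bits, then confirm nothing is left.
# Symlinks and non-regular files are refused so the chmod cannot be
# redirected to some other target.
disable_cgi() {
    f=$1
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "disable_cgi: $f is not a regular file" >&2
        return 2
    fi
    chmod -- 0000 "$f" || return 1
    if cgi_exposed "$f"; then
        echo "disable_cgi: $f still has read/execute bits" >&2
        return 1
    fi
    return 0
}

# Usage: sh disable_cgi.sh /path/to/htsearch
if [ "$#" -gt 0 ]; then
    for path in "$@"; do
        disable_cgi "$path" || exit 1
    done
fi
```
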
