Oops, commit the right version of this (adds extra checks that only

expected commands will be proxied)
author: Kris Kennaway <kris@FreeBSD.org> 2008-07-26 15:34:49 +0000
committer: Kris Kennaway <kris@FreeBSD.org> 2008-07-26 15:34:49 +0000
commit: 54d4698a9f04cce605fa56f762ed2c1be75b06be (patch)
tree: 07c8c634643e654140eec64f895a2fda68ac585c /Tools
parent: 6c3363b444e54c546dfe5127d7a733fe859d8ff8 (diff)
download: ports-54d4698a9f04cce605fa56f762ed2c1be75b06be.tar.gz
ports-54d4698a9f04cce605fa56f762ed2c1be75b06be.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/Tools/portbuild/scripts/buildproxy b/Tools/portbuild/scripts/buildproxy
index fae88ab870b7..93c524e541e0 100755
--- a/Tools/portbuild/scripts/buildproxy
+++ b/Tools/portbuild/scripts/buildproxy
@@ -9,6 +9,8 @@ from freebsd import *
 
 SOCKET='/tmp/.build'
 
+valid_cmds = ['create', 'clone', 'portsupdate', 'srcupdate', 'destroy']
+
 def validate(uid, arch):
     if uid == 0:
         return True
@@ -32,6 +34,9 @@ def process(cmd, sockfile):
     except:
         return (254, "Internal error")
 
+    if cmd[1] not in valid_cmds:
+        return (254, "Permission denied")
+
     for i in cmd:
         for j in i:
             if not j.isalnum() and not j in "-_.":
author	Kris Kennaway <kris@FreeBSD.org>	2008-07-26 15:34:49 +0000
committer	Kris Kennaway <kris@FreeBSD.org>	2008-07-26 15:34:49 +0000
commit	54d4698a9f04cce605fa56f762ed2c1be75b06be (patch)
tree	07c8c634643e654140eec64f895a2fda68ac585c /Tools
parent	6c3363b444e54c546dfe5127d7a733fe859d8ff8 (diff)
download	ports-54d4698a9f04cce605fa56f762ed2c1be75b06be.tar.gz ports-54d4698a9f04cce605fa56f762ed2c1be75b06be.zip