Update of /cvsroot/mhonarc/mhonarc/MHonArc/doc/_helper
In directory subversions:/tmp/cvs-serv8630/doc/_helper
Modified Files:
addrcindex.pl mkrestmpl.pl resource.lst
Log Message:
* New resources:
DBFILEPERMS File permissions for DBFILE.
FILEPERMS File permissions for archive files.
* Archive file creation modified to minimize the local symlink exploits:
1. A temp file with a random name is first created and written to.
2. Temp file is compressed if GZIPFILES is active.
3. Temp file is renamed to final filename.
4. File permissions are set according to FILEPERMS/DBFILEPERMS.
Using a random temp filename makes it difficult for someone to
predict filenames to execute a symlink exploit. The rename operation
is immune to symlink exploits, hence trying to using well-known names
(e.g. maillist.html, threads.html) for exploitation will not work.
Generation of temp files is done via the File::Temp module, if
installed. If not installed, a homegrown implementation is used.
Although not as secure and robust as File::Temp, it's better than
nothing and should provide a decent deterrent.
* Setuid/setgid execution causes mhonarc to terminate with an error.
Mhonarc does not pass taint checks, so we abort with an error that
setuid/setgid execution is not supported. MHonArc is too insecure
for setuid operation and trying to make it setuid-safe would require
alot of work and potentially limit a large amount of functionality.
* Added check for Fcntl and File::Basename modules in FILELIST.
* Added stylesheet for documentation. Main page docs updated to
include class attributes to get desired rendering. Updating
resource reference pages will be done gradually to leverage
style settings. Since there is so many pages, it will be done
on a page-by-page basis. Maybe I can write a perl script that
could auto-add class atteibutes where appropriate.
Index: addrcindex.pl
===================================================================
RCS file: /cvsroot/mhonarc/mhonarc/MHonArc/doc/_helper/addrcindex.pl,v
retrieving revision 1.5
retrieving revision 1.6
diff -C2 -r1.5 -r1.6
*** addrcindex.pl 24 Jul 1999 21:12:54 -0000 1.5
--- addrcindex.pl 20 Nov 2002 23:53:08 -0000 1.6
***************
*** 29,33 ****
select(OUT);
print <<EndOfText;
! <table border=0>
<tr>
<td align="right"><b>Resource</b></td><td><b>Description</b></td>
--- 29,33 ----
select(OUT);
print <<EndOfText;
! <table class="tip" border=0>
<tr>
<td align="right"><b>Resource</b></td><td><b>Description</b></td>
Index: mkrestmpl.pl
===================================================================
RCS file: /cvsroot/mhonarc/mhonarc/MHonArc/doc/_helper/mkrestmpl.pl,v
retrieving revision 1.20
retrieving revision 1.21
diff -C2 -r1.20 -r1.21
*** mkrestmpl.pl 27 Jun 2002 00:06:14 -0000 1.20
--- mkrestmpl.pl 20 Nov 2002 23:53:08 -0000 1.21
***************
*** 16,24 ****
<head>
<title>MHonArc Resources: $Name</title>
</head>
<body>
! <em><a href="../resources.html#$name">MHonArc Resource List</a></em> |
! <a href="../mhonarc.html">TOC</a>
<hr>
--- 16,25 ----
<head>
<title>MHonArc Resources: $Name</title>
+ <link rel="stylesheet" type="text/css" href="../docstyles.css">
</head>
<body>
! <!--x-rc-nav-->
! <!--/x-rc-nav-->
<hr>
***************
*** 95,98 ****
--- 96,102 ----
<!-- *************************************************************** -->
+ <hr>
+ <!--x-rc-nav-->
+ <!--/x-rc-nav-->
<hr>
<address>
Index: resource.lst
===================================================================
RCS file: /cvsroot/mhonarc/mhonarc/MHonArc/doc/_helper/resource.lst,v
retrieving revision 1.41
retrieving revision 1.42
diff -C2 -r1.41 -r1.42
*** resource.lst 17 Nov 2002 03:38:52 -0000 1.41
--- resource.lst 20 Nov 2002 23:53:08 -0000 1.42
***************
*** 16,19 ****
--- 16,20 ----
dayend:::<DAYEND>::Markup at the end of a day group.
dbfile::M2H_DBFILE::-dbfile:Name of archive database file.
+ dbfileperms::M2H_DBFILEPERMS:<DBFILEPERMS>:-dbfileperms:File permissions for DBFILE.
decodeheads::M2H_DECODEHEADS:<DECODEHEADS>,<NODECODEHEADS>:-decodeheads,-nodecodeheads:Store "decode-only" characters sets in raw form.
definederived:M::<DEFINEDERIVED>::Define extra file(s) to generate for each message page.
***************
*** 31,34 ****
--- 32,36 ----
fieldsend:::<FIELDSEND>::Ending markup of message header.
fieldstyles:::<FIELDSTYLES>::Define HTML elements that wrap field text of message headers.
+ fileperms::M2H_FILEPERMS:<FILEPERMS>:-fileperms:File permissions for archive files.
firstpglink:i::<FIRSTPGLINK>::Link markup for first page of main index.
fldbeg:::<FLDBEG>::Markup before field text.
---------------------------------------------------------------------
To sign-off this list, send email to majordomo(_at_)mhonarc(_dot_)org with the
message text UNSUBSCRIBE MHONARC-DEV