1 files changed, 77 insertions, 70 deletions

diff --git a/contrib/check_perms_grsecurity.py b/contrib/check_perms_grsecurity.py
index d46d57a9b..7b27a19f4 100644
--- a/contrib/check_perms_grsecurity.py
+++ b/contrib/check_perms_grsecurity.py
@@ -6,14 +6,14 @@
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
-# 
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-# 
+#
 # You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software 
+# along with this program; if not, write to the Free Software
 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 
 """Fixes for running Mailman under the `secure-linux' patch or grsecurity.
@@ -35,7 +35,7 @@ files have to be owned by the  mailman UID and only touched by programs that
 are UID mailman.
 At the  same time, We have  to make sure  that at least 3  directories under
 ~mailman aren't writable by mailman: mail, cgi-bin, and bin
- 
+
 Binary commands that are changed to be SUID mailman are also made unreadable
 and unrunnable  by people who aren't  in the mailman group.   This shouldn't
 affect much since most of those commands would fail work if you weren't part
@@ -43,7 +43,7 @@ of the mailman group anyway.
 Scripts in ~mailman/bin/ are  not made suid or sgid, they need  to be run by
 user mailman or root to work.
 
-Marc <marc_soft@merlins.org>/<marc_bts@vasoftware.com> 
+Marc <marc_soft@merlins.org>/<marc_bts@vasoftware.com>
 2000/10/27 - Initial version for secure_linux/openwall and mailman 2.0
 2001/12/09 - Updated version for grsecurity and mailman 2.1
 """
@@ -53,8 +53,10 @@ import os
 import paths
 import re
 import glob
+import pwd
+import grp
 from Mailman import mm_cfg
-from Mailman.mm_cfg import MAILMAN_UID, MAILMAN_GID
+from Mailman.mm_cfg import MAILMAN_USER, MAILMAN_GROUP
 from stat import *
 
 # Directories that we don't want writable by mailman.
@@ -62,64 +64,69 @@ dirstochownroot= ( 'mail', 'cgi-bin', 'bin' )
 
 # Those are the programs that we patch so that they insist being run under the
 # mailman uid or as root.
-binfilestopatch= ( 'add_members', 'change_pw', 'check_db', 'clone_member', 
-	'config_list', 'newlist', 'qrunner', 'remove_members', 
-	'rmlist', 'sync_members', 'update', 'withlist' )
+binfilestopatch= ( 'add_members', 'change_pw', 'check_db', 'clone_member',
+        'config_list', 'newlist', 'qrunner', 'remove_members',
+        'rmlist', 'sync_members', 'update', 'withlist' )
 
 def main(argv):
     binpath = paths.prefix + '/bin/'
     droplib = binpath + 'CheckFixUid.py'
 
     if len(argv) < 2 or argv[1] != "-f":
-	print __doc__
-	sys.exit(1)
+        print __doc__
+        sys.exit(1)
 
     print "Making select directories owned and writable by root only"
     for dir in dirstochownroot:
-	dirpath = paths.prefix + '/' + dir
-	os.chown(dirpath, 0, MAILMAN_GID)
-	os.chmod(dirpath, 02755)
-	print dirpath
+        dirpath = paths.prefix + '/' + dir
+        os.chown(dirpath, 0, MAILMAN_GID)
+        os.chmod(dirpath, 02755)
+        print dirpath
 
     print
 
     file = paths.prefix + '/data/last_mailman_version'
     print "Making" + file + "owned by mailman (not root)"
-    os.chown(file, MAILMAN_UID, MAILMAN_GID)
+    uid = pwd.getpwnam(MAILMAN_USER)[2]
+    gid = grp.getgrnam(MAILMAN_GROUP)[2]
+    os.chown(file, uid, gid)
     print
 
     if not os.path.exists(droplib):
-	print "Creating " + droplib
-	fp = open(droplib, 'w', 0644)
-	fp.write("""import sys
+        print "Creating " + droplib
+        fp = open(droplib, 'w', 0644)
+        fp.write("""import sys
 import os
-from Mailman.mm_cfg import MAILMAN_UID, MAILMAN_GID
+import grp, pwd
+from Mailman.mm_cfg import MAILMAN_USER, MAILMAN_GROUP
 
 class CheckFixUid:
     if os.geteuid() == 0:
-	os.setgid(MAILMAN_GID)
-	os.setuid(MAILMAN_UID)
-    if os.geteuid() != MAILMAN_UID:
-	print "You need to run this script as root or mailman because it was configured to run"
-	print "on a linux system with a security patch which restricts hard links"
-	sys.exit()
+        uid = pwd.getpwnam(MAILMAN_USER)[2]
+        gid = grp.getgrnam(MAILMAN_GROUP)[2]
+        os.setgid(gid)
+        os.setuid(uid)
+    if os.geteuid() != uid:
+        print "You need to run this script as root or mailman because it was configured to run"
+        print "on a linux system with a security patch which restricts hard links"
+        sys.exit()
 """)
-	fp.close()
+        fp.close()
     else:
-	print "Skipping creation of " + droplib
+        print "Skipping creation of " + droplib
 
 
     print "\nMaking cgis setuid mailman"
     cgis = glob.glob(paths.prefix + '/cgi-bin/*')
-    
+
     for file in cgis:
-	print file
-	os.chown(file, MAILMAN_UID, MAILMAN_GID)
-	os.chmod(file, 06755)
+        print file
+        os.chown(file, uid, gid)
+        os.chmod(file, 06755)
 
     print "\nMaking mail wrapper setuid mailman"
     file= paths.prefix + '/mail/mailman'
-    os.chown(file, MAILMAN_UID, MAILMAN_GID)
+    os.chown(file, uid, gid)
     os.chmod(file, 06755)
     print file
 
@@ -128,46 +135,46 @@ class CheckFixUid:
     cpcks = glob.glob(paths.prefix + '/lists/*/config.pck*')
 
     for file in cdbs + cpcks:
-	stat = os.stat(file)
-	if (stat[ST_UID] != MAILMAN_UID or stat[ST_GID] != MAILMAN_GID):
-	    print file
-	    os.chown(file, MAILMAN_UID, MAILMAN_GID)
-    
+        stat = os.stat(file)
+        if (stat[ST_UID] != uid or stat[ST_GID] != gid):
+            print file
+            os.chown(file, uid, gid)
+
     print "\nPatching mailman scripts to change the uid to mailman"
 
     for script in binfilestopatch:
-	filefd = open(script, "r")
-	file = filefd.readlines()
-	filefd.close()
+        filefd = open(script, "r")
+        file = filefd.readlines()
+        filefd.close()
 
-	patched = 0
-	try:
-	    file.index("import CheckFixUid\n")
-	    print "Not patching " + script + ", already patched"
-	except ValueError:
-	    file.insert(file.index("import paths\n")+1, "import CheckFixUid\n")
-	    for i in range(len(file)-1, 0, -1):
-		object=re.compile("^([	 ]*)main\(").search(file[i])
-		# Special hack to support patching of update
-		object2=re.compile("^([	    ]*).*=[	 ]*main\(").search(file[i])
-		if object:
-		    print "Patching " + script
-		    file.insert(i, 
-			object.group(1) + "CheckFixUid.CheckFixUid()\n")
-		    patched=1
-		    break
-		if object2:
-		    print "Patching " + script
-		    file.insert(i, 
-			object2.group(1) + "CheckFixUid.CheckFixUid()\n")
-		    patched=1
-		    break
+        patched = 0
+        try:
+            file.index("import CheckFixUid\n")
+            print "Not patching " + script + ", already patched"
+        except ValueError:
+            file.insert(file.index("import paths\n")+1, "import CheckFixUid\n")
+            for i in range(len(file)-1, 0, -1):
+                object=re.compile("^([   ]*)main\(").search(file[i])
+                # Special hack to support patching of update
+                object2=re.compile("^([     ]*).*=[      ]*main\(").search(file[i])
+                if object:
+                    print "Patching " + script
+                    file.insert(i,
+                        object.group(1) + "CheckFixUid.CheckFixUid()\n")
+                    patched=1
+      break
+                if object2:
+                    print "Patching " + script
+                    file.insert(i, 
+                        object2.group(1) + "CheckFixUid.CheckFixUid()\n")
+                    patched=1
+                    break
 
-	    if patched==0:
-		print "Warning, file "+script+" couldn't be patched."
-		print "If you use it, mailman may not function properly"
-	    else:
-		filefd=open(script, "w")
-		filefd.writelines(file)
-	    
+            if patched==0:
+                print "Warning, file "+script+" couldn't be patched."
+                print "If you use it, mailman may not function properly"
+            else:
+                filefd=open(script, "w")
+                filefd.writelines(file)
+            
 main(sys.argv)