Use setuid scripts to handle mail.

Bug #344695 r=bear

webtools/tinderbox/Makefile

@@ -47,6 +47,8 @@
 #PERL = /usr/bin/perl
 #UUDECODE = /usr/bin/uudecode
 
+SETUID_PATH = '/usr/bin:/bin'
+
 # End SERVER_CONFIGURATION
 
 ALL_UTILS = GZIP PERL UUDECODE
@@ -59,13 +61,18 @@ EXE_FILES = \
 	clean.pl \
 	doadmin.cgi \
 	fixupimages.pl \
-	handlemail.pl \
-	processbuild.pl	\
 	showbuilds.cgi \
 	showimages.cgi \
 	showlog.cgi \
 	$(NULL)
 
+SETUID_SCRIPTS = \
+	handlemail.pl \
+	processbuild.pl	\
+	scrape.pl \
+	warnings.pl \
+	$(NULL)
+
 FILES = \
 	Backwards.pm \
 	ep_mac.pl \
@@ -73,6 +80,7 @@ FILES = \
 	ep_windows.pl \
 	header.pl \
 	imagelog.pl \
+	showbuilds.pl \
 	tbglobals.pl \
 	viewvc.pl \
 	Empty.html \
@@ -112,7 +120,7 @@ install:
 	$(foreach u,$(ALL_UTILS),$(if $($u),,$(error $u must be set to the full path of the utility)))
 	mkdir -p $(TINDERBOX_DIR)/examples
 	set -e ; \
-	for I in $(FILES) $(EXE_FILES); do \
+	for I in $(FILES) $(EXE_FILES) $(SETUID_SCRIPTS); do \
 	  echo Installing $$I && \
           sed -e s#/usr/bonsaitools/bin/perl#$(PERL)#g \
               -e s#/tools/ns/bin/perl5#$(PERL)#g \
@@ -121,10 +129,13 @@ install:
               -e s#/tools/ns/bin/uudecode#$(UUDECODE)#g \
               -e s#/d/webdocs/projects/bonsai#$(BONSAI_DIR)#g \
               -e s#\.\./bonsai#$(BONSAI_URL)#g \
+              -e s#@TINDERBOX_DIR@#$(TINDERBOX_DIR)#g \
+              -e s#@SETUID_PATH@#$(SETUID_PATH)#g \
               $$I > $(TINDERBOX_DIR)/$$I && \
 	   chmod 644 $(TINDERBOX_DIR)/$$I; \
 	done
 	chmod 755 $(addprefix $(TINDERBOX_DIR)/,$(EXE_FILES))
+	chmod 4755 $(addprefix $(TINDERBOX_DIR)/,$(SETUID_SCRIPTS))
 	set -e ; \
 	for I in $(PICS); do \
 	  echo Installing $$I && \

webtools/tinderbox/addnote.cgi

@@ -23,6 +23,7 @@
 use Fcntl;
 
 require 'tbglobals.pl';
+require 'showbuilds.pl';
 
 # Process the form arguments
 %form = ();

webtools/tinderbox/buildwho.pl

@@ -24,9 +24,12 @@ use FileHandle;
 use File::Copy 'move';
 use Fcntl qw(:DEFAULT :flock);
 
+use lib "@TINDERBOX_DIR@";
 require 'tbglobals.pl';
 $F_DEBUG=1;
 
+$ENV{'PATH'} = "@SETUID_PATH@";
+
 # Process args:
 #   $days: How many days of data to process.
 #   $tree: Which tree to use.
@@ -34,9 +37,9 @@ $days = $tree = undef;
 
 if ($ARGV[0] eq '-days') {
     shift;
-    $days = shift;
+    $days = &trick_taint(shift);
 }
-$tree = shift;
+$tree = &trick_taint(shift);
 
 &usage() if (!defined($tree));
 

webtools/tinderbox/handlemail.pl

@@ -20,31 +20,11 @@
 #
 # Contributor(s): 
 
-# Figure out which directory tinderbox is in by looking at argv[0].  Unless
-# there is a command line argument; if there is, just use that.
+$ENV{'PATH'} = "@SETUID_PATH@";
 
-$tinderboxdir = $0;
-$tinderboxdir =~ s:/[^/]*$::;      # Remove last word, and slash before it.
-if ($tinderboxdir eq "") {
-    $tinderboxdir = ".";
-}
+$tinderboxdir = "@TINDERBOX_DIR@";
 
-if (@ARGV > 0) {
-    $tinderboxdir = $ARGV[0];
-}
-
-print "tinderbox = $tinderboxdir\n"; 
-
-chdir $tinderboxdir || die "Couldn't chdir to $tinderboxdir"; 
-
-
-open(DF, ">data/tbx.$$") || die "could not open data/tbx.$$";
-while(<STDIN>){
-    print DF $_;
-}
-close(DF);
-
-$err = system("./processbuild.pl", "data/tbx.$$");
+$err = system("cat | $tinderboxdir/processbuild.pl");
 
 if( $err ) {
     die "processbuild.pl returned an error\n";

webtools/tinderbox/processbuild.pl

@@ -21,15 +21,33 @@
 # Contributor(s): 
 
 use Time::Local;
+use lib "@TINDERBOX_DIR@";
 require 'tbglobals.pl'; # for $gzip
 
 umask 002;
 
+$ENV{'PATH'} = "@SETUID_PATH@";
+
+$tinderboxdir = "@TINDERBOX_DIR@";
+
+chdir $tinderboxdir || die "Couldn't chdir to $tinderboxdir"; 
+
 if ($ARGV[0] eq '--check-mail') {
   $only_check_mail = 1;
   shift @ARGV;
 }
-$mail_file = $ARGV[0];
+
+# If datafile is given on the commandline, use it.  Otherwise, read from STDIN
+$mail_file = shift;
+if (!defined($mail_file)) {
+    $mail_file = "data/tbx.$$";
+
+    open(DF, ">$mail_file") || die "could not open $mail_file";
+    while(<STDIN>){
+        print DF $_;
+    }
+    close(DF);
+}
 
 %MAIL_HEADER = ();
 %tinderbox = ();
@@ -97,8 +115,10 @@ if ($scrape_builds->{$tinderbox{build}}
 
 # Static pages
 #   For Sidebar flash and tinderbox panels.
-$ENV{QUERY_STRING}="tree=$tinderbox{tree}&static=1";
-system("./showbuilds.cgi");
+my $rel_path = ''; 
+require 'showbuilds.pl';
+$tree = $tinderbox{tree};
+&tb_build_static();
 
 # end of main
 ######################################################################
@@ -116,7 +136,7 @@ sub parse_log_variables {
       last if /^tinderbox: END/;
       my ($key, $value) = (split /:\s*/, $_, 3)[1..2];
       $value =~ s/\s*$//;
-      $tbx->{$key} = $value;
+      $tbx->{$key} = &trick_taint($value);
     }
   }
 }

webtools/tinderbox/scrape.pl

@@ -31,9 +31,10 @@ sub usage {
 }
 
 use FileHandle;
+use lib "@TINDERBOX_DIR@";
 
 # This is for gunzip (Should add a configure script to handle this).
-$ENV{PATH} .= ":/usr/local/bin";
+$ENV{PATH} = "@SETUID_PATH@";
 
 unless ($#ARGV == 1) {
   &usage;

webtools/tinderbox/tbglobals.pl

@@ -76,6 +76,13 @@ $display_accurate_build_end_times = 1;
 
 1;
 
+sub trick_taint{
+    my $in = shift;
+    return undef if !defined($in);
+    $in =~ /(.*)/;
+    return $1;
+}
+
 sub lock{
 }
 
@@ -494,13 +501,6 @@ sub tb_find_build_record {
   return $buildrec;
 }
 
-sub tb_build_static {
-  # Build tinderbox static pages
-  $ENV{QUERY_STRING}="tree=$tree&static=1";
-  $ENV{REQUEST_METHOD}="GET";
-  system("./showbuilds.cgi >/dev/null&");
-}
-
 # end of public functions
 #============================================================
 

webtools/tinderbox/warnings.pl

@@ -30,6 +30,7 @@
 #
 
 use FileHandle;
+use lib "@TINDERBOX_DIR@";
 
 # A few global variables are used in the program.
 #
@@ -78,8 +79,7 @@ sub usage {
   warn "usage: warnings.pl <tree/logfile>\n";
 }
 
-# This is for gunzip (should add a configure script to handle this).
-$ENV{PATH} .= "/bin:/usr/local/bin";
+$ENV{PATH} = "@SETUID_PATH@";
 
 $debug = 1, shift @ARGV if $ARGV[0] eq '--debug';