[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [bug-inetutils] tests/syslogd.sh and /tmp
From: |
Mats Erik Andersson |
Subject: |
Re: [bug-inetutils] tests/syslogd.sh and /tmp |
Date: |
Thu, 19 Jan 2012 10:23:37 +0100 |
User-agent: |
Mutt/1.5.18 (2008-05-17) |
Collecting all deficiencies.
torsdag den 19 januari 2012 klockan 09:01 skrev Simon Josefsson detta:
> address@hidden (Ludovic Courtès) writes:
>
> > Hello,
> >
> > tests/syslogd.sh requires a writable /tmp.
>
> Looking further at that test, it seems buggy from another point of view
> as well: the filenames are prone to a race condition when two or more
> InetUtils instances is built at the same time. The filenames used are:
>
> # This good name base consumes twentythree chracters.
> IU_GOOD_BASE=/tmp/$(date +%y-%m-%d)_socket_iu
> # Add a single character to violate the size condition.
> IU_BAD_BASE=/tmp/X$(date +%y-%m-%d)_socket_iu
>
> Further, having predictable filenames has often been used by non-root
> users to mount a privilege-escalation attack (just wait until the root
> user runs the script), but I haven't reviewed the script if it has this
> problem as well.
>
> Normal practice is to use 'mktemp'.
>
> > The workaround I???ve used in Guile is to cd $TMPDIR, create ./my-socket,
> > and use that.
>
> I would prefer a mktemp+cd approach. It is the most secure, follows
> best practices, and is the most portable.
1. Replace $(( )) by `expr `.
2. logger(1) needs a rooted path "/this/starts/at/the/bottom".
This rules out the "cd"-technique as viable work around.
3. The first illegal length is 109 or 105, depending on system.
4. Very long $TMPDIR must still be short enough to insert some
random text in a template. Otherwise the subtest must be skipped.
Happy hacking,
Mats E A
Re: [bug-inetutils] tests/syslogd.sh and /tmp, Ludovic Courtès, 2012/01/18
Re: [bug-inetutils] tests/syslogd.sh and /tmp, Simon Josefsson, 2012/01/19
- Re: [bug-inetutils] tests/syslogd.sh and /tmp,
Mats Erik Andersson <=
- Re: [bug-inetutils] tests/syslogd.sh and /tmp, Simon Josefsson, 2012/01/19
- Re: [bug-inetutils] tests/syslogd.sh and /tmp, Mats Erik Andersson, 2012/01/20
- Re: [bug-inetutils] tests/syslogd.sh and /tmp, Ludovic Courtès, 2012/01/22
- Re: [bug-inetutils] tests/syslogd.sh and /tmp, Mats Erik Andersson, 2012/01/22
- Re: [bug-inetutils] tests/syslogd.sh and /tmp, Mats Erik Andersson, 2012/01/25
- Re: [bug-inetutils] tests/syslogd.sh and /tmp, Ludovic Courtès, 2012/01/25
- Re: [bug-inetutils] tests/syslogd.sh and /tmp, Mats Erik Andersson, 2012/01/25
- Re: [bug-inetutils] tests/syslogd.sh and /tmp, Mats Erik Andersson, 2012/01/26
- Re: [bug-inetutils] tests/syslogd.sh and /tmp, Mats Erik Andersson, 2012/01/27