Re: [Health-dev] [bug #58584] Various security issues for gnuhealth-control
From: Luis Falcon
Subject: Re: [Health-dev] [bug #58584] Various security issues for gnuhealth-control
Date: Sat, 20 Jun 2020 15:44:15 +0100
Dear all,
I have submitted some patches for GNU Health control, including some
recommendations from openSUSE security assessment.
Some notes that you might want to consider for the openSUSE version of
the GH control center:
* Keep in mind that the standard GNU Health installation
uses a non-privileged user ("gnuhealth"), so we don't use /var/run,
/var/log, or any system directory. In addition, all Python
dependencies are also installed locally, under $HOME/.local.
* The GNU Health update directory is static because we need to be able
to have the latest update in case of issues and take it from there. So
running in a pseudo-random directory or the use of mktemp is not
suitable for this scenario.
* To avoid some user on the same server creating a file with the same
location and name, thus preventing the backup from running, the new
GNU Health control will create the temporary lock and info files in
the gnuhealth HOME directory, so only the gnuhealth administrator
will be able to access those files.
* We are using mktemp with the prefix directory (/tmp) included
(mktemp -d /tmp/gnuhealth-XXXX). This makes it compatible with
FreeBSD.
* Please use mktemp and assign it to a local variable in the
"getlang" function scope. There is no need to create the directory in
contexts other than installation of a particular language.
* Finally, we now delete the temporary directory after the language
installation process, regardless of the exit status.
The revision is at:
https://hg.savannah.gnu.org/hgweb/health/rev/a56e504fc120
And the GH 3.6.4 raw file:
https://hg.savannah.gnu.org/hgweb/health/raw-file/a56e504fc120/tryton/gnuhealth-control
Thank you again for your time and very valuable recommendations!
Have a great weekend.
Luis
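The temp-directory and lock-file handling described in the notes above, as an added shell example that is not the gnuhealth-control script itself: a getlang-style function keeps its mktemp directory in a local variable and removes it on every exit path, and the lock file lives under the gnuhealth user's HOME. The names getlang_demo, gh_lock, gh_unlock and GH_HOME are assumptions for this example.

```shell
#!/bin/bash
# Added example, not code from gnuhealth-control. Assumes it runs as the
# non-privileged gnuhealth user, so $HOME is that user's home directory.
GH_HOME="${GH_HOME:-$HOME}"

# Lock file under $HOME rather than a shared /tmp. With noclobber the
# redirection fails if the file already exists instead of truncating it,
# so a stale or foreign lock is reported rather than silently reused.
gh_lock() {
    local lockfile="$GH_HOME/.gnuhealth-control.lock"
    ( set -o noclobber; echo "$$" > "$lockfile" ) 2>/dev/null || return 1
    printf '%s\n' "$lockfile"
}

gh_unlock() { rm -f "$GH_HOME/.gnuhealth-control.lock"; }

# Install one language pack from a temporary directory that exists only
# inside this function. The subshell's EXIT trap removes the directory
# whether the install step succeeds or fails. Second argument (constructed
# for the test) forces a failure after files have been created.
getlang_demo() {
    local lang="$1" fail="${2:-0}" tmpdir
    (
        # Spelling out the /tmp prefix works on both GNU mktemp and FreeBSD
        tmpdir=$(mktemp -d /tmp/gnuhealth-XXXX) || exit 2
        trap 'rm -rf "$tmpdir"' EXIT
        printf '%s\n' "$tmpdir"          # report the path for inspection
        # Constructed stand-in for fetching and unpacking the language pack
        printf 'lang=%s\n' "$lang" > "$tmpdir/$lang.po"
        [ "$fail" -eq 0 ] || exit 3      # simulated failure mid-install
        cat "$tmpdir/$lang.po" >/dev/null  # "installation" step
    )
}
```

After either call the printed directory no longer exists, which is the cleanup-regardless-of-exit-status behaviour the message describes.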