From: Anton Shterenlikht
To: FreeBSD-gnats-submit@FreeBSD.org
Date: Tue, 28 Feb 2012 15:25:12 GMT
Message-Id: <201202281525.q1SFPCwt057978@mech-cluster241.men.bris.ac.uk>
Subject: kern/165533: [lpr.c] wrong 661 permission for /var/spool/output/lpd/.seq (should be 660)

>Number:         165533
>Category:       kern
>Synopsis:       [lpr.c] wrong 661 permission for /var/spool/output/lpd/.seq (should be 660)
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Feb 28 15:50:10 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Anton Shterenlikht
>Release:        FreeBSD 9.0-BETA2 ia64
>Organization:   University of Bristol
>Environment:
System: FreeBSD mech-cluster241.men.bris.ac.uk 9.0-BETA2 FreeBSD 9.0-BETA2 #4 r225618: Fri Sep 16 21:11:50 BST 2011 root@mech-cluster241.men.bris.ac.uk:/usr/obj/usr/src/sys/TZAV ia64
>Description:
I've a parallel printer attached to a 9.9-CURRENT #2 r230787M box.
Recently I started seeing this line in the daily security output:

Checking negative group permissions:
70834 -rw-r----x  1 root  daemon  4 Feb 21 12:54:02 2012 /var/spool/output/lpd/.seq

I think .seq is created with wrong permissions, thus triggering a security warning.
>How-To-Repeat:
# pwd
/var/spool/output/lpd
# ls -al
total 8
drwxr-xr-x  2 root  daemon  512 Feb 24 12:43 .
drwxr-xr-x  3 root  daemon  512 Mar  9  2010 ..
-rw-rw-r--  1 root  daemon   41 Feb 21 12:54 lock
-rw-rw-r--  1 root  daemon   25 Feb 21 12:54 status
#

Then I print something, e.g.:

% pwd | lpr

Then this .seq file appears with weird permissions:

# ls -al
total 10
drwxr-xr-x  2 root  daemon  512 Feb 24 12:46 .
drwxr-xr-x  3 root  daemon  512 Mar  9  2010 ..
-rw-r----x  1 root  daemon    4 Feb 24 12:45 .seq
-rw-rw-r--  1 root  daemon   41 Feb 24 12:45 lock
-rw-rw-r--  1 root  daemon   25 Feb 24 12:45 status
#
# cat .seq
001
#
>Fix:
From: jb
Date: Tue, 28 Feb 2012 15:07:43 +0000 (UTC)

It is an intermediate-processing (run-time) lockfile found in various spool dirs and their sub-dirs, like /var/spool/cron/, /at, /lpd, etc. It is used to save the job# by the respective programs (cron, at, etc). You can find a ref to .SEQ in the file at.c in the at port sources. I did not see a ref to .seq in the lpr or cron port sources.

The periodic security check /etc/periodic/security/110.neggrpperm checks for a risky condition like

    ! -perm +010 -and -perm +001

The file should not be executable, according to its purpose. So lpr.c should be changed from

    if ((fd = open(buf, O_RDWR|O_CREAT, 0661)) < 0) {

to

    if ((fd = open(buf, O_RDWR|O_CREAT, 0660)) < 0) {

>Release-Note:
>Audit-Trail:
>Unformatted:
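The following is an added illustration, not code from the PR or from FreeBSD's lpr.c or 110.neggrpperm. It reproduces the two pieces of the report in C: a predicate that mirrors the "other has a bit that group lacks" check (the report quotes only the execute case, `! -perm +010 -and -perm +001`; the read and write cases are added here by analogy and are an assumption), and a helper that creates a file the way lpr.c creates .seq, under an explicit umask, and returns the mode the file actually ends up with. With the conventional umask of 022 (an assumption), the literal 0661 in the source yields exactly the `-rw-r----x` (0641) seen in the ls output above, and the proposed 0660 yields 0640, which the check no longer flags. The scratch path under /tmp is hypothetical.

```c
#include <stdio.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/types.h>

/*
 * Mirror of the find(1) predicate quoted from 110.neggrpperm:
 * "! -perm +010 -and -perm +001" means execute is granted to "other"
 * but not to "group". The read and write cases are added here by
 * analogy (assumption: the report quotes only the execute case).
 * Returns 1 if the mode would be flagged, 0 otherwise.
 */
int neg_group_perm(mode_t m)
{
    return (!(m & S_IXGRP) && (m & S_IXOTH)) ||
           (!(m & S_IWGRP) && (m & S_IWOTH)) ||
           (!(m & S_IRGRP) && (m & S_IROTH));
}

/*
 * Create `path` the way lpr.c creates .seq (open with O_CREAT and a
 * literal mode) under an explicit umask, then return the permission
 * bits the file actually received. Any existing file is removed
 * first, because O_CREAT leaves the mode of an existing file alone.
 * Returns (mode_t)-1 on failure.
 */
mode_t create_with_mode(const char *path, mode_t mode, mode_t mask)
{
    struct stat st;
    mode_t old;
    int fd;

    (void)unlink(path);
    old = umask(mask);
    fd = open(path, O_RDWR | O_CREAT, mode);
    (void)umask(old);              /* restore caller's umask */
    if (fd < 0) {
        perror("open");
        return (mode_t)-1;
    }
    if (fstat(fd, &st) < 0) {
        perror("fstat");
        close(fd);
        return (mode_t)-1;
    }
    close(fd);
    (void)unlink(path);            /* clean up the scratch file */
    return st.st_mode & 07777;
}

int main(void)
{
    /* hypothetical scratch path, not the real spool directory */
    const char *path = "/tmp/seq-perm-demo";
    mode_t before = create_with_mode(path, 0661, 022); /* lpr.c as reported */
    mode_t after  = create_with_mode(path, 0660, 022); /* proposed fix */

    printf("open(..., 0661) under umask 022 -> %04o, flagged=%d\n",
           (unsigned)before, neg_group_perm(before));
    printf("open(..., 0660) under umask 022 -> %04o, flagged=%d\n",
           (unsigned)after, neg_group_perm(after));
    return 0;
}
```

The umask explains why the title says 661 while ls shows 0641: the group write bit is masked off, but nothing in a 022 umask touches the stray other-execute bit, so it survives into the created file and trips the nightly check.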