From owner-freebsd-security Sun May 26 10:47:46 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id KAA06181 for security-outgoing; Sun, 26 May 1996 10:47:46 -0700 (PDT)
Received: from groovy.dreaming.org (groovy.dreaming.org [204.92.5.69]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id KAA06176 for ; Sun, 26 May 1996 10:47:40 -0700 (PDT)
Received: (from batsy@localhost) by groovy.dreaming.org (8.6.12/8.6.12) id NAA01968; Sun, 26 May 1996 13:54:51 -0400
Date: Sun, 26 May 1996 13:54:51 -0400 (EDT)
From: jamie
X-Sender: batsy@groovy.dreaming.org
To: freebsd-security@freebsd.org
Subject: md5
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

I have recently heard rumors of an md5 library for Crack. I have a small
number of users on my system (20'ish) and all are ...well...users in the
sense that I give them an initial passwd to get to their accounts and
they ask me if I can just set it to their userid so they can remember it.
I have told them how to change their passwds but I am suspicious that
they are using insecure passwds. I haven't implemented cracklib but I am
wary that if there is an md5 plug-in for crack, the shadow passwd system
is only a minimal defense (unshadow.c). If anyone knows where to find a
doc or a package I would be very interested in hearing about it.

Thanks,
-jamie reid

From owner-freebsd-security Sun May 26 12:04:50 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id MAA10066 for security-outgoing; Sun, 26 May 1996 12:04:50 -0700 (PDT)
Received: from apocalypse.superlink.net (root@apocalypse.superlink.net [205.246.27.150]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id MAA10060 for ; Sun, 26 May 1996 12:04:46 -0700 (PDT)
Received: (from marxx@localhost) by apocalypse.superlink.net (8.7.5/8.7.3) id LAA01168; Sun, 26 May 1996 11:14:00 -0400 (EDT)
Date: Sun, 26 May 1996 11:13:59 -0400 (EDT)
From: "Charles C. Figueiredo"
To: jamie
cc: freebsd-security@freebsd.org
Subject: Re: md5
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Sun, 26 May 1996, jamie wrote:

>
> I have recently heard rumors of an md5 library for Crack. I have a small
> number of users on my system (20'ish) and all are ...well...users in the
> sense that I give them an initial passwd to get to their accounts and
> they ask me if I can just set it to their userid so they can remember it.
> I have told them how to change their passwds but I am suspicious that
> they are using insecure passwds. I haven't implemented cracklib but I am
> wary that if there is an md5 plug-in for crack, the shadow passwd system
> is only a minimal defense (unshadow.c). If anyone knows where to find a

unshadow.c or any other variant, that attempts to exploit an insecurity
in getpwent() is useless. They cannot unshadow your password file w/ that,
they will attempt other ways of compromising root.

> doc or a package I would be very interested in hearing about it.
> Thanks,
> -jamie reid
>

"I don't want to grow up, I'm a BSD kid. There's so many toys in /usr/bin
that I can play with!"
------------------------------------------------------------------------------
Charles C. Figueiredo               Marxx               marxx@superlink.net
------------------------------------------------------------------------------

From owner-freebsd-security Tue May 28 02:32:18 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id CAA13039 for security-outgoing; Tue, 28 May 1996 02:32:18 -0700 (PDT)
Received: from neptune.pristine.com.tw ([192.72.150.2]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id CAA12979 for ; Tue, 28 May 1996 02:31:59 -0700 (PDT)
Received: (from team_fbf@localhost) by neptune.pristine.com.tw (8.6.11/8.6.9) id RAA07006 for freebsd-security@freebsd.org; Tue, 28 May 1996 17:31:17 GMT
From: ywliu
Message-Id: <199605281731.RAA07006@neptune.pristine.com.tw>
Subject: /kernel: attempted source route from xxx.xxx.xxx.xxx
To: freebsd-security@freebsd.org
Date: Tue, 28 May 1996 17:31:16 +0000 ()
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Hi,

Our FreeBSD system reports

May 28 17:19:51 /kernel: attempted source route from xxx.xxx.xxx.xxx to 192.72.150.2

It looks like someone tries to do something nasty with us. Am I worried
too much?

Yen-Wei Liu

From owner-freebsd-security Tue May 28 04:46:01 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id EAA20042 for security-outgoing; Tue, 28 May 1996 04:46:01 -0700 (PDT)
Received: from shogun.tdktca.com ([206.26.1.21]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id EAA20036 for ; Tue, 28 May 1996 04:45:59 -0700 (PDT)
Received: from shogun.tdktca.com (daemon@localhost) by shogun.tdktca.com (8.7.2/8.7.2) with ESMTP id GAA08698 for ; Tue, 28 May 1996 06:47:38 -0500 (CDT)
Received: from orion.fa.tdktca.com ([163.49.131.130]) by shogun.tdktca.com (8.7.2/8.7.2) with SMTP id GAA08691 for ; Tue, 28 May 1996 06:47:38 -0500 (CDT)
Received: (from alex@localhost) by orion.fa.tdktca.com (8.6.12/8.6.9) id GAA06890; Tue, 28 May 1996 06:50:32 -0500
Date: Tue, 28 May 1996 06:50:32 -0500
Message-Id: <199605281150.GAA06890@orion.fa.tdktca.com>
From: Alex Nash
To: team_fbf@pristine.com.tw
Cc: freebsd-security@FreeBSD.org
Subject: RE: /kernel: attempted source route from xxx.xxx.xxx.xxx
Reply-to: alex@fa.tca.com
Sender: owner-security@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

> Our FreeBSD system reports
>
> May 28 17:19:51 /kernel: attempted source route from xxx.xxx.xxx.xxx to 192.72.150.2

IP input processing drops source route packets by default (note that
this differs from the original Net/3 code).

If you want to allow source route packets, type:

# sysctl -w net.inet.ip.sourceroute=1

Alex

From owner-freebsd-security Tue May 28 07:54:00 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id HAA04794 for security-outgoing; Tue, 28 May 1996 07:54:00 -0700 (PDT)
Received: from onyx.nervosa.com (root@nervosa.com [192.187.228.86]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id HAA04768 for ; Tue, 28 May 1996 07:53:27 -0700 (PDT)
Received: (from coredump@localhost) by onyx.nervosa.com (8.7.5/8.7.3) id HAA00248; Tue, 28 May 1996 07:52:52 -0700 (PDT)
Date: Tue, 28 May 1996 07:52:51 -0700 (PDT)
From: "Chris J. Layne"
To: freebsd-security@freebsd.org
Subject: Re: [linux-security] Things NOT to put in root's crontab (fwd)
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

followup

== Chris Layne ======================================== Nervosa Computing ==
== coredump@nervosa.com ================ http://www.nervosa.com/~coredump ==

---------- Forwarded message ----------
Date: Mon, 27 May 1996 11:47:00 +1000
From: Paul Szabo
To: Multiple recipients of list BUGTRAQ
Subject: Re: [linux-security] Things NOT to put in root's crontab

(This discussion is relevant to many UNIXes besides linux.)

>> Perhaps a "{}" on the command line should be sub'ed with the relative
>> name and a "{{}}" should be sub'ed with the absolute name.

> I agree that find's syntax would have to be (and should) be extended.

I do not think find should be changed, but the rm command should be replaced
with something more suitable. The following perl script may be useful.

Paul Szabo - System Manager   //        School of Mathematics and Statistics
psz@maths.usyd.edu.au         //  University of Sydney, NSW 2006, Australia

-----

#! /usr/local/bin/perl --
#
#V safe-rm   V1.0   27 May 96   Paul Szabo
#
# Safe rm program to be used in root cron jobs like
#   find /tmp -type f -atime +2 -exec safe-rm {} \;
# instead of rm, to ensure that the path does not contain any symlinks.
#
# # There is a race between when find starts to descend into /tmp and when it
# # calls rm. Suppose I make deeply nested trees like
# #
# #   /tmp/a/a/a/a/a/a/passwd (all real dirs and file) and also
# #   /tmp/b/a/a/a/a/a -> /etc (all real dirs and the last symlink)
# #
# # then, after find starts up but before it reaches /tmp/a/.../passwd I do
# #
# #   cd /tmp; mv a c; mv b a
# #
# # then find will exec 'rm /tmp/a/a/.../a/passwd' but this removes /etc/passwd.
# # If the directories are deep enough then find will slow down a lot, and the
# # race will be easy to win.
#
# If using safe-rm then we can also try to remove empty directories:
#   find /tmp -atime +2 -exec safe-rm {} \;

if ( -d '/usr/apollo' ) { $apollo = 1; }

( $CMD = $0 ) =~ s!^/?([^/]*/)*!!;

sub err {
  if ("$USAGE" ne '') {
    if ($#_ >= 0) { print "$CMD failed with error:\n\n"; }
    else { print "$CMD failed with some unknown error.\n"; }
  }
  foreach (@_) { print "$_\n"; }
  if ("$USAGE" ne '') { print "\nUsage:$USAGE"; }
  exit 1;
}

# Returns success or failure whether path given is acceptable
sub goodpath {
  my ($path) = @_;
  if ( length($path) < 1 || length($path) > 999 ) { return 0; }
  if ( $path =~ m![^a-zA-Z0-9/.,:_-]! ) { return 0; }
  if ( $path =~ m!^[^a-zA-Z0-9/.]! ) { return 0; }
  if ( $apollo ) {
    if ( $path =~ m!/[^a-zA-Z0-9/.]! ) { return 0; };
    if ( $path =~ m!.//! ) { return 0; }
  }
  else {
    if ( $path =~ m!/[^a-zA-Z0-9.]! ) { return 0; }
  }
  if ( $path =~ m![^/]/$! ) { return 0; }
  return 1;
}

# Returns full (absolute) path beginning with /, or error message.
# Could be simplified for safe-rm: only need to ensure that we got
# a path starting with / and check for symlinks.
sub fullpath {
  # Whinge: Why is this not part of standard Perl?
  # Or at least why is getwd not implemented?

  my ($path) = @_;
  my ($obj, $dir, $nam, $top, $loop, @statp, @statt, @statd, @stato);

  if ( $apollo ) { $top = '//'; } else { $top = '/'; }

  goodpath($path) || return "Bad pathname $path .";
  @statp = stat("$path"); $#statp = 1;
  if ( ! -e _ ) { return "Object $path does not exist"; }

  $obj = "$path";
  if ( $obj =~ m![^/]/$! ) { $obj =~ s!/$!!; }
  ( $dir = "$obj" ) =~ s![^/]*$!!;
  ( $nam = "$obj" ) =~ s!^.*/!!;
  if ( "$obj" ne "$dir$nam" ) { return "Cannot decompose object name $obj: $dir and $nam ?"; }

  lstat("$obj");
  $loop = 0;
  while ( -l _ ) {
    $loop++;
    if ( $loop > 20 ) { return "Symlink loop in $obj"; }
    $nam = readlink("$obj");
    if ("$nam" eq '') { return "Cannot resolve link $obj: $!"; }
    $obj = "$dir$nam";
    goodpath($obj) || return "Bad object name $obj .";
    ( $dir = "$obj" ) =~ s![^/]*$!!;
    ( $nam = "$obj" ) =~ s!^.*/!!;
    if ( "$obj" ne "$dir$nam" ) { return "Cannot decompose object name $obj: $dir and $nam ?"; }
    @stato = stat("$obj"); $#stato = 1;
    if ( "@statp" ne "@stato" ) { return "Cannot resolve $path: not same as $obj ?"; }
    lstat("$obj");
  }

  if ( "$nam" eq '.' || "$nam" eq '..' ) { $dir = "$dir$nam"; $nam = ''; }

  @statt = stat("$top"); $#statt = 1;
  if ( ! -d _ ) { return "But $top is not a directory ?"; }

  if ("$dir" eq '') { $dir = '.'; }
  if ( $dir =~ m![^/]/$! ) { $dir =~ s!/$!!; }
  @statd = stat("$dir"); $#statd = 1;
  $loop = 0;
  while ( "@statd" ne "@statt" ) {
    if ( $loop > 100 ) { return "Directory loop in $obj"; }
    if ( ! -d _ ) { return "But $dir is not a directory ?"; }
    opendir (DH,"$dir/..") || return "Cannot read directory $dir/.. ?";
    @stato = ();
    while ( "@statd" ne "@stato" ) {
      $name = readdir(DH) || last;
      goodpath("$dir/../$name") || next;
      @stato = lstat("$dir/../$name"); $#stato = 1;
    }
    if ( "@statd" ne "@stato" ) { return "Cannot look up $dir (for $dir/$nam) in $dir/.. ?"; }
    closedir (DH) || return "Cannot stop reading directory $dir/.. ?";
    $dir = "$dir/..";
    if ( "$nam" eq '' ) { $nam = "$name"; }
    else { $nam = "$name/$nam"; }
    goodpath($nam) || return "Bad name $dir/$nam .";
    @statd = stat("$dir"); $#statd = 1;
    if ( "@statd" eq "@stato" ) { last; }
  }

  $obj = "$top$nam";
  goodpath($obj) || return "Bad final pathname $obj";
  @stato = stat("$obj"); $#stato = 1;
  if ( "@statp" ne "@stato" ) { return "Cannot resolve $path: not same as $obj ?"; }

  return "$obj";
}

if ( $#ARGV != 0 ) { err ("Specify one object (only) to remove."); }
($FILE) = @ARGV;

# These checks are somewhat redundant
goodpath($FILE) || err ("Bad object name $FILE .");
@STATFILE = lstat("$FILE");
if ( ! -e _ ) { err ("File $FILE does not exist."); }
if ( -l _ ) { err ("Object $FILE is a symbolic link."); }
if ( ! -d _ && ! -f _ ) { err ("Object $FILE is not a (plain) file or a directory."); }

$FULLPATH = fullpath("$FILE");
if ( $FULLPATH !~ m!^/! ) { err ("Error resolving $FILE:", " $FULLPATH"); }
if ( "$FULLPATH" ne "$FILE" ) { err ("Not full pathname $FILE :", " it really is $FULLPATH"); }

# Some more redundancy
@STATFULL = lstat("$FILE");
if ("@STATFILE" ne "@STATFULL") { err ("Error resolving $FILE : seems to have changed."); }

if ( -f _ ) {
  # print "About to unlink $FILE ...\n";
  unlink("$FILE") || err ("Cannot remove file $FILE");
}
elsif ( -d _ ) {
  # print "About to rmdir $FILE ...\n";
  rmdir "$FILE";
  # || err ("Cannot remove dir $FILE");
  # No error message: it may have been not empty
}
else { err ("Object $FILE is not a (plain) file nor a directory."); }

#!#

From owner-freebsd-security Tue May 28 09:05:55 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id JAA09470 for security-outgoing; Tue, 28 May 1996 09:05:55 -0700 (PDT)
Received: from GndRsh.aac.dev.com (GndRsh.aac.dev.com [198.145.92.241]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id JAA09462 for ; Tue, 28 May 1996 09:05:51 -0700 (PDT)
Received: (from rgrimes@localhost) by GndRsh.aac.dev.com (8.6.12/8.6.12) id JAA23308; Tue, 28 May 1996 09:05:34 -0700
From: "Rodney W. Grimes"
Message-Id: <199605281605.JAA23308@GndRsh.aac.dev.com>
Subject: Re: [linux-security] Things NOT to put in root's crontab (fwd)
To: coredump@nervosa.com (Chris J. Layne)
Date: Tue, 28 May 1996 09:05:34 -0700 (PDT)
Cc: freebsd-security@freebsd.org
In-Reply-To: from "Chris J. Layne" at "May 28, 96 07:52:51 am"
X-Mailer: ELM [version 2.4ME+ PL11 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> followup
>
> == Chris Layne ======================================== Nervosa Computing ==
> == coredump@nervosa.com ================ http://www.nervosa.com/~coredump ==
>
> ---------- Forwarded message ----------
> Date: Mon, 27 May 1996 11:47:00 +1000
> From: Paul Szabo
> To: Multiple recipients of list BUGTRAQ
> Subject: Re: [linux-security] Things NOT to put in root's crontab
...
> #! /usr/local/bin/perl --
...
>
> if ( -d '/usr/apollo' ) { $apollo = 1; }

Not a very safe check to see if you are running on an Apollo system,
this would get tripped by a few of my systems used for cross work.

Better check would be if ( -d '/sys/node_data' ) { $apollo = 1; } -- Rod Grimes rgrimes@gndrsh.aac.dev.com Accurate Automation Company Reliable computers for FreeBSD From owner-freebsd-security Fri May 31 23:09:00 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id XAA11048 for security-outgoing; Fri, 31 May 1996 23:09:00 -0700 (PDT) Received: from sovcom.kiae.su (sovcom.kiae.su [144.206.136.1]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id XAA11043; Fri, 31 May 1996 23:08:56 -0700 (PDT) Received: by sovcom.kiae.su id AA13321 (5.65.kiae-1 ); Sat, 1 Jun 1996 09:05:54 +0300 Received: by sovcom.KIAE.su (UUMAIL/2.0); Sat, 1 Jun 96 09:05:54 +0300 Received: (from ache@localhost) by astral.msk.su (8.7.5/8.7.3) id KAA00964; Sat, 1 Jun 1996 10:03:16 +0400 (MSD) Message-Id: <199606010603.KAA00964@astral.msk.su> Subject: Man security fixes for review To: security@freebsd.org Date: Sat, 1 Jun 1996 10:03:16 +0400 (MSD) Cc: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch), pst@freebsd.org From: =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= (aka Andrey A. Chernov, Black Mage) X-Class: Fast X-Mailer: ELM [version 2.4ME+ PL19 (25)] Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk I think, this patch is enough to close man hole and return s-bit back. Any comments? *** man.c.orig Tue May 30 14:11:59 1995 --- man.c Sat Jun 1 09:55:16 1996 *************** *** 19,24 **** --- 19,25 ---- #include #include #include + #include #include #include #include *************** *** 131,136 **** --- 132,138 ---- prognam = mkprogname (argv[0]); + unsetenv("IFS"); man_getopt (argc, argv); if (optind == argc) *************** *** 981,987 **** fprintf (stderr, "using default preprocessor sequence\n"); if ((cp = get_expander(file)) == NULL) ! 
cp = "cat"; sprintf(buf, "%s %s | ", cp, file); #ifdef HAS_TROFF if (troff) --- 983,989 ---- fprintf (stderr, "using default preprocessor sequence\n"); if ((cp = get_expander(file)) == NULL) ! cp = "/bin/cat"; sprintf(buf, "%s %s | ", cp, file); #ifdef HAS_TROFF if (troff) *************** *** 1020,1025 **** --- 1022,1054 ---- return buf; } + sig_t ohup, oint, oquit, oterm; + static char temp[FILENAME_MAX]; + + void cleantmp() + { + unlink(temp); + exit(1); + } + + void + set_sigs() + { + ohup = signal(SIGHUP, cleantmp); + oint = signal(SIGINT, cleantmp); + oquit = signal(SIGQUIT, cleantmp); + oterm = signal(SIGTERM, cleantmp); + } + + void + restore_sigs() + { + signal(SIGHUP, ohup); + signal(SIGINT, oint); + signal(SIGQUIT, oquit); + signal(SIGTERM, oterm); + } + /* * Try to format the man page and create a new formatted file. Return * 1 for success and 0 for failure. *************** *** 1030,1102 **** register char *man_file; register char *cat_file; { ! int status; ! int mode; ! FILE *fp; char *roff_command; char command[FILENAME_MAX]; - char temp[FILENAME_MAX]; ! sprintf(temp, "%s.tmp", cat_file); ! if ((fp = fopen (temp, "w")) != NULL) { ! fclose (fp); ! unlink (temp); ! roff_command = make_roff_command (man_file); ! if (roff_command == NULL) return 0; ! else #ifdef DO_COMPRESS ! sprintf (command, "(cd %s ; %s | %s > %s)", path, ! roff_command, COMPRESSOR, temp); #else ! sprintf (command, "(cd %s ; %s > %s)", path, ! roff_command, temp); #endif - /* - * Don't let the user interrupt the system () call and screw up - * the formatted man page if we're not done yet. - */ fprintf (stderr, "Formatting page, please wait..."); fflush(stderr); ! status = do_system_command (command); ! ! if (status <= 0) { ! fprintf(stderr, "Failed.\n"); ! unlink(temp); ! exit(1); ! } else { ! if (rename(temp, cat_file) == -1) { ! /* FS might be sticky */ ! sprintf(command, "cp %s %s", temp, cat_file); ! if (system(command)) ! fprintf(stderr, ! "\nHmm! 
Can't seem to rename %s to %s, check permissions on man dir!\n", ! temp, cat_file); ! unlink(temp); ! return 0; } - } - fprintf(stderr, "Done.\n"); - if (status == 1) - { - mode = CATMODE; - chmod (cat_file, mode); ! if (debug) ! fprintf (stderr, "mode of %s is now %o\n", cat_file, mode); } return 1; } else { ! if (debug) ! fprintf (stderr, "Couldn't open %s for writing.\n", cat_file); return 0; } --- 1059,1179 ---- register char *man_file; register char *cat_file; { ! int s, f; ! FILE *fp, *pp; char *roff_command; char command[FILENAME_MAX]; ! roff_command = make_roff_command (man_file); ! if (roff_command == NULL) ! return 0; ! ! sprintf(temp, "%s.tmpXXXXXX", cat_file); ! if ((f = mkstemp(temp)) >= 0 && (fp = fdopen(f, "w")) != NULL) { ! set_sigs(); ! if (fchmod (f, CATMODE) < 0) { ! perror("fchmod"); ! unlink(temp); ! restore_sigs(); ! fclose(fp); return 0; ! } else if (debug) ! fprintf (stderr, "mode of %s is now %o\n", temp, CATMODE); ! #ifdef DO_COMPRESS ! sprintf (command, "(cd %s ; %s | %s)", path, ! roff_command, COMPRESSOR); #else ! sprintf (command, "(cd %s ; %s)", path, ! roff_command); #endif fprintf (stderr, "Formatting page, please wait..."); fflush(stderr); ! if (debug) ! fprintf (stderr, "\ntrying command: %s\n", command); else { ! ! if ((pp = popen(command, "r")) == NULL) { ! s = errno; ! fprintf(stderr, "Failed.\n"); ! errno = s; ! perror("popen"); ! unlink(temp); ! restore_sigs(); ! fclose(fp); ! return 0; } ! while ((s = getc(pp)) != EOF) ! putc(s, fp); ! ! if ((s = pclose(pp)) == -1) { ! s = errno; ! fprintf(stderr, "Failed.\n"); ! errno = s; ! perror("pclose"); ! unlink(temp); ! restore_sigs(); ! fclose(fp); ! return 0; } + if (s != 0) { + fprintf(stderr, "Failed.\n"); + gripe_system_command(s); + unlink(temp); + restore_sigs(); + fclose(fp); + return 0; + } + } + + if (rename(temp, cat_file) == -1) { + s = errno; + fprintf(stderr, + "\nHmm! 
Can't seem to rename %s to %s, check permissions on man dir!\n", + temp, cat_file); + errno = s; + perror("rename"); + unlink(temp); + restore_sigs(); + fclose(fp); + return 0; + } + restore_sigs(); + + if (fclose(fp)) { + s = errno; + unlink(cat_file); + fprintf(stderr, "Failed.\n"); + errno = s; + perror("fclose"); + return 0; + } + + fprintf(stderr, "Done.\n"); return 1; } else { ! if (f >= 0) { ! s = errno; ! unlink(temp); ! errno = s; ! } ! if (debug) { ! s = errno; ! fprintf (stderr, "Couldn't open %s for writing.\n", temp); ! errno = s; ! } ! if (f >= 0) { ! perror("fdopen"); ! close(f); ! } return 0; } -- Andrey A. Chernov : And I rest so composedly, /Now, in my bed, ache@astral.msk.su : That any beholder /Might fancy me dead - http://dt.demos.su/~ache : Might start at beholding me, /Thinking me dead. RELCOM Team,FreeBSD Team : E.A.Poe From "For Annie" 1849 From owner-freebsd-security Sat Jun 1 10:00:05 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id KAA00750 for security-outgoing; Sat, 1 Jun 1996 10:00:05 -0700 (PDT) Received: from mole.mole.org (marmot.mole.org [204.216.57.191]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id KAA00734; Sat, 1 Jun 1996 10:00:01 -0700 (PDT) Received: (from mail@localhost) by mole.mole.org (8.6.12/8.6.12) id QAA06165; Sat, 1 Jun 1996 16:52:41 GMT Received: from meerkat.mole.org(206.197.192.110) by mole.mole.org via smap (V1.3) id sma006163; Sat Jun 1 16:52:39 1996 Received: (from mrm@localhost) by meerkat.mole.org (8.6.12/8.6.9) id JAA25420; Sat, 1 Jun 1996 09:51:24 -0700 Date: Sat, 1 Jun 1996 09:51:24 -0700 From: "M.R.Murphy" Message-Id: <199606011651.JAA25420@meerkat.mole.org> To: ache@astral.msk.su, security@freebsd.org Subject: Re: Man security fixes for review Cc: joerg_wunsch@uriah.heep.sax.de, pst@freebsd.org Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > > I think, this patch is enough to close man hole and return s-bit back. 
> Any comments?
>

Run sgid not suid. Principle of least privilege.

--
Mike Murphy mrm@Mole.ORG +1 619 598 5874
Better is the enemy of Good

From owner-freebsd-security Sat Jun 1 10:31:20 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id KAA08476 for security-outgoing; Sat, 1 Jun 1996 10:31:20 -0700 (PDT)
Received: from mail.cs.tu-berlin.de (root@mail.cs.tu-berlin.de [130.149.17.13]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id KAA08445; Sat, 1 Jun 1996 10:31:13 -0700 (PDT)
Received: from campa.panke.de (anonymous232.ppp.cs.tu-berlin.de [130.149.17.232]) by mail.cs.tu-berlin.de (8.6.12/8.6.12) with ESMTP id TAA21976; Sat, 1 Jun 1996 19:25:48 +0200
Received: (from wosch@localhost) by campa.panke.de (8.6.12/8.6.12) id SAA04780; Sat, 1 Jun 1996 18:13:30 +0200
Date: Sat, 1 Jun 1996 18:13:30 +0200
From: Wolfram Schneider
Message-Id: <199606011613.SAA04780@campa.panke.de>
To: =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= (aka Andrey A. Chernov, Black Mage)
Cc: security@freebsd.org, joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch), pst@freebsd.org
Subject: Man security fixes for review
In-Reply-To: <199606010603.KAA00964@astral.msk.su>
References: <199606010603.KAA00964@astral.msk.su>
Reply-to: Wolfram Schneider
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

KOI8-R writes:
>I think, this patch is enough to close man hole and return s-bit back.
>Any comments?

suid or sgid?

Wolfram

From owner-freebsd-security Sat Jun 1 11:31:31 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id LAA16404 for security-outgoing; Sat, 1 Jun 1996 11:31:31 -0700 (PDT)
Received: from sovcom.kiae.su (sovcom.kiae.su [144.206.136.1]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id LAA16390; Sat, 1 Jun 1996 11:31:27 -0700 (PDT)
Received: by sovcom.kiae.su id AA26671 (5.65.kiae-1 ); Sat, 1 Jun 1996 21:26:56 +0300
Received: by sovcom.KIAE.su (UUMAIL/2.0); Sat, 1 Jun 96 21:26:55 +0300
Received: (from ache@localhost) by astral.msk.su (8.7.5/8.7.3) id WAA00395; Sat, 1 Jun 1996 22:20:27 +0400 (MSD)
Message-Id: <199606011820.WAA00395@astral.msk.su>
Subject: Re: Man security fixes for review
To: wosch@cs.tu-berlin.de
Date: Sat, 1 Jun 1996 22:20:26 +0400 (MSD)
Cc: security@freebsd.org, joerg_wunsch@uriah.heep.sax.de, pst@freebsd.org
In-Reply-To: <199606011613.SAA04780@campa.panke.de> from "Wolfram Schneider" at "Jun 1, 96 06:13:30 pm"
From: =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= (aka Andrey A. Chernov, Black Mage)
X-Class: Fast
X-Mailer: ELM [version 2.4ME+ PL19 (25)]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

[Charset ISO-8859-1 unsupported, filtering to ASCII...]
> KOI8-R writes:
> >I think, this patch is enough to close man hole and return s-bit back.
> >Any comments?
>
> suid or sgid?

It doesn't matter for my patch. Choose per your choice.

--
Andrey A. Chernov        : And I rest so composedly, /Now, in my bed,
ache@astral.msk.su       : That any beholder /Might fancy me dead -
http://dt.demos.su/~ache : Might start at beholding me, /Thinking me dead.
RELCOM Team,FreeBSD Team : E.A.Poe From "For Annie" 1849
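
Review bot: In the main() hunk of the man.c patch above (around line 132), unsetenv("IFS") removes a single variable, while the command built later in the same patch is still handed to a shell through popen(command, "r"), so PATH and the rest of the caller's environment still reach that shell with the s-bit restored. Only the fallback was changed to "/bin/cat"; whatever get_expander(file) returns is used as given. Set a fixed PATH (or start from an empty environment) at this point instead of removing IFS alone.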
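
Review bot: cleantmp() in the hunk that adds the signal helpers (around line 1022 of the man.c patch above) calls exit(1) from a signal handler; exit() runs atexit handlers and flushes stdio, which is not safe in signal context and here can act on the half-written fp. Call _exit(1) after unlink(temp) instead. set_sigs() also installs the handler unconditionally, so a SIGHUP or SIGINT that the caller had set to be ignored now ends the run while formatting; when signal() returns SIG_IGN for a signal, put SIG_IGN back straight away.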
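
Review bot: In the rewritten cat-file routine (the last hunk of the man.c patch above), the `if (debug)` branch only prints the command, yet control then falls through to rename(temp, cat_file), so a debug run installs the empty mkstemp() file as the formatted page; return (after unlink(temp) and restore_sigs()) before the rename when debug is set. The rename also happens before fclose(fp) and the putc() results are never checked, so a short write is noticed only once the file is already visible under cat_file; check ferror(fp) and close the stream before renaming. The sprintf() calls into temp and command, both FILENAME_MAX bytes, take cat_file, path and roff_command with no length check.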
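
Added example (not part of Paul Szabo's post or of any find or FreeBSD code): the rename race described in the safe-rm header comments earlier in this thread, closed by walking the path one component at a time with openat(O_NOFOLLOW) and removing the file with unlinkat. It assumes a POSIX.1-2008 system; safe_unlink and demo are hypothetical names, and the demo tree is constructed in a private temp directory with victim/ standing in for /etc.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* openat, unlinkat, mkdtemp, realpath */
#endif
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Remove the regular file at absolute `path` without ever following a
 * symlink.  Every directory is opened relative to the descriptor of its
 * parent with O_NOFOLLOW, so a rename made while we walk cannot redirect
 * us: we stay on the inodes we already hold.  Returns 0, or -1 + errno. */
int safe_unlink(const char *path)
{
    char buf[PATH_MAX], *comp, *next, *save = NULL;
    struct stat st;
    int dirfd, fd, rc = -1, saved;

    errno = EINVAL;
    if (path[0] != '/' || strlen(path) >= sizeof buf) return -1;
    strcpy(buf, path);
    if ((dirfd = open("/", O_RDONLY | O_DIRECTORY)) < 0) return -1;

    for (comp = strtok_r(buf, "/", &save); comp != NULL; comp = next) {
        next = strtok_r(NULL, "/", &save);
        if (strcmp(comp, "..") == 0) { errno = EINVAL; break; }
        if (next == NULL) {                 /* last component: the file */
            if (fstatat(dirfd, comp, &st, AT_SYMLINK_NOFOLLOW) < 0) break;
            if (!S_ISREG(st.st_mode)) { errno = EINVAL; break; }
            /* unlinkat never follows a link in the final component, so a
             * swap after the fstatat removes at most the swapped-in name. */
            rc = unlinkat(dirfd, comp, 0);
            break;
        }
        fd = openat(dirfd, comp, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
        if (fd < 0) break;                  /* symlink or not a directory */
        close(dirfd);
        dirfd = fd;
    }
    saved = errno;
    close(dirfd);
    errno = saved;
    return rc;
}

/* Constructed demo: replay the `mv a c; mv b a` swap from the message in a
 * private temp dir, with victim/ standing in for /etc.  Result bits:
 * 1 = removal through the swapped-in symlink refused, 2 = victim/passwd
 * still exists, 4 = the real file (now under c/) was removed. */
int demo(void)
{
    char tmpl[] = "/tmp/saferm.XXXXXX", root[PATH_MAX], p[PATH_MAX + 16];
    int out = 0;

    if (!mkdtemp(tmpl) || !realpath(tmpl, root) || chdir(root) != 0) return -1;
    if (mkdir("a", 0700) || mkdir("victim", 0700) || symlink("victim", "b")) return -1;
    close(open("a/passwd", O_CREAT | O_WRONLY, 0600));
    close(open("victim/passwd", O_CREAT | O_WRONLY, 0600));
    if (rename("a", "c") || rename("b", "a")) return -1;   /* the swap */

    snprintf(p, sizeof p, "%s/a/passwd", root);   /* the name find recorded */
    if (safe_unlink(p) == -1) out |= 1;
    if (access("victim/passwd", F_OK) == 0) out |= 2;
    snprintf(p, sizeof p, "%s/c/passwd", root);
    if (safe_unlink(p) == 0 && access("c/passwd", F_OK) != 0) out |= 4;

    unlink("victim/passwd"); rmdir("victim"); unlink("a"); rmdir("c");
    if (chdir("/") != 0) return -1;
    rmdir(root);
    return out;
}

int main(void) { int r = demo(); printf("demo() = %d\n", r); return r != 7; }
```

Unlike a check made on the path name before calling unlink, nothing here is resolved twice, so there is no interval in which a renamed directory can change what the final call acts on.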