Date: Fri, 20 Dec 2002 09:20:02 -0800 (PST) From: Mario Sergio Fujikawa Ferreira <lioux@FreeBSD.org> To: freebsd-ports@FreeBSD.org Subject: Re: ports/46399: libdivxencore distfile has world writable files inside it Message-ID: <200212201720.gBKHK2l7050826@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR ports/46399; it has been noted by GNATS.
From: Mario Sergio Fujikawa Ferreira <lioux@FreeBSD.org>
To: Arkadi Shishlov <arkadi@hosting.lv>
Cc: FreeBSD-gnats-submit@FreeBSD.org
Subject: Re: ports/46399: libdivxencore distfile has world writable files inside it
Date: Fri, 20 Dec 2002 15:08:37 -0200
On Fri, Dec 20, 2002 at 06:36:30PM +0200, Arkadi Shishlov wrote:
> On Fri, Dec 20, 2002 at 12:53:53PM -0200, Mario Sergio Fujikawa Ferreira wrote:
> > Could you elaborate on the possible problem? Just wondering
>
> First of all attacker can override sources/whatever while we are building
> application. Also, sometimes I prefer to keep work/ directory and build
> a port once more time (rm work/.build_done; make) due to private patches/etc.
Okay, the most appropriate fix to this attack would be
setting a restrictive umask for your shell. That might be the reason
I never saw this problem because my umask forbids write permissions
to world.
Besides, the best I would be able to do in this case, would
be adding a 'chmod a-w,u+w ${WRKDIR}' as a post-extract target so
there would be always a window of opportunity for such an attack.
However, unlikely.
I can still add such a patch but umask should be your
better friend. :) This is correct fix for all these issues, we
cannot quite control how developers will package their distribution
files. So you could have this problem with hundreds/thousands other
ports.
From sh(1) man page
umask [mask]
Set the file creation mask (see umask(2)) to the octal value
specified by mask. If the argument is omitted, the current mask
value is printed.
From umask(2) man page
DESCRIPTION
The umask() routine sets the process's file mode creation mask to numask
and returns the previous value of the mask. The 9 low-order access per-
mission bits of numask are used by system calls, including open(2),
mkdir(2), and mkfifo(2), to turn off corresponding bits requested in file
mode. (See chmod(2)). This clearing allows each user to restrict the
default access to his files.
The default mask value is S_IWGRP|S_IWOTH (022, write access for the
owner only). Child processes inherit the mask of the calling process.
I use umask 077 which does not allow any group or world
permissions.
> Sorry for dummy Synopsys.
Don't worry. :) You've just clarified it.
--
Mario S F Ferreira - DF - Brazil - "I guess this is a signature."
Computer Science Undergraduate | FreeBSD Committer | CS Developer
flames to beloved devnull@someotherworldbeloworabove.org
feature, n: a documented bug | bug, n: an undocumented feature
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200212201720.gBKHK2l7050826>