From owner-freebsd-ports Fri Dec 20 9:20: 5 2002 Delivered-To: freebsd-ports@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5717337B401 for ; Fri, 20 Dec 2002 09:20:03 -0800 (PST) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id E091E43EDC for ; Fri, 20 Dec 2002 09:20:02 -0800 (PST) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.6/8.12.6) with ESMTP id gBKHK2NS050827 for ; Fri, 20 Dec 2002 09:20:02 -0800 (PST) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.6/8.12.6/Submit) id gBKHK2l7050826; Fri, 20 Dec 2002 09:20:02 -0800 (PST) Date: Fri, 20 Dec 2002 09:20:02 -0800 (PST) Message-Id: <200212201720.gBKHK2l7050826@freefall.freebsd.org> To: freebsd-ports@FreeBSD.org Cc: From: Mario Sergio Fujikawa Ferreira Subject: Re: ports/46399: libdivxencore distfile has world writable files inside it Reply-To: Mario Sergio Fujikawa Ferreira Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org The following reply was made to PR ports/46399; it has been noted by GNATS. From: Mario Sergio Fujikawa Ferreira To: Arkadi Shishlov Cc: FreeBSD-gnats-submit@FreeBSD.org Subject: Re: ports/46399: libdivxencore distfile has world writable files inside it Date: Fri, 20 Dec 2002 15:08:37 -0200 On Fri, Dec 20, 2002 at 06:36:30PM +0200, Arkadi Shishlov wrote: > On Fri, Dec 20, 2002 at 12:53:53PM -0200, Mario Sergio Fujikawa Ferreira wrote: > > Could you elaborate on the possible problem? Just wondering > > First of all attacker can override sources/whatever while we are building > application. Also, sometimes I prefer to keep work/ directory and build > a port once more time (rm work/.build_done; make) due to private patches/etc. Okay, the most appropriate fix to this attack would be setting a restrictive umask for your shell. That might be the reason I never saw this problem because my umask forbids write permissions to world. Besides, the best I would be able to do in this case, would be adding a 'chmod a-w,u+w ${WRKDIR}' as a post-extract target so there would be always a window of opportunity for such an attack. However, unlikely. I can still add such a patch but umask should be your better friend. :) This is correct fix for all these issues, we cannot quite control how developers will package their distribution files. So you could have this problem with hundreds/thousands other ports. From sh(1) man page umask [mask] Set the file creation mask (see umask(2)) to the octal value specified by mask. If the argument is omitted, the current mask value is printed. From umask(2) man page DESCRIPTION The umask() routine sets the process's file mode creation mask to numask and returns the previous value of the mask. The 9 low-order access per- mission bits of numask are used by system calls, including open(2), mkdir(2), and mkfifo(2), to turn off corresponding bits requested in file mode. (See chmod(2)). This clearing allows each user to restrict the default access to his files. The default mask value is S_IWGRP|S_IWOTH (022, write access for the owner only). Child processes inherit the mask of the calling process. I use umask 077 which does not allow any group or world permissions. > Sorry for dummy Synopsys. Don't worry. :) You've just clarified it. -- Mario S F Ferreira - DF - Brazil - "I guess this is a signature." Computer Science Undergraduate | FreeBSD Committer | CS Developer flames to beloved devnull@someotherworldbeloworabove.org feature, n: a documented bug | bug, n: an undocumented feature To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message