Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 18 Sep 2002 02:22:11 -0500 (CDT)
From:      Kevin Day <toasty@dragondata.com>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/42920: [MAINTAINER PATCH] [SECURITY] Update for editors/joe - drop sgid/suid on backup files
Message-ID:  <200209180722.g8I7MB239189@shell.dragondata.com>
next in thread | raw e-mail | index | archive | help 

>Number:         42920
>Category:       ports
>Synopsis:       [MAINTAINER PATCH] [SECURITY] Update for editors/joe - drop sgid/suid on backup files
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Wed Sep 18 00:30:08 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     Kevin Day
>Release:        FreeBSD 4.6-STABLE i386
>Organization:
Dragondata
>Environment:
System: FreeBSD shell.dragondata.com 4.6-STABLE FreeBSD 4.6-STABLE #4: Mon Mar 4 00:26:04 CST 2002 toasty@shell.dragondata.com:/usr/src/sys/compile/SHELL i386

>Description:

A post on Bugtraq (<20020917183024.GA7393@yakuza.salon.cz>) brought up a
somewhat minor flaw in the JOE editor. Backups of sgid/suid files should
drop the sgid/suid bits, because backup files are owned by the user running
joe, not the owner of the file.

>How-To-Repeat:


Create a file such as this:

-rwsr-sr-x  1 toasty  toasty  2 Sep 18 02:00 test.file

As root, open/save it, and this backup file is created:

-rwsr-sr-x  1 root    wheel   2 Sep 18 01:58 test.file~


It would require some impressive social engineering to take advantage of
this, but it's still not a good idea.


>Fix:

Add patch-ak to ports/editors/files:

--- ufile.c.orig        Fri Jan 13 11:13:16 1995
+++ ufile.c     Wed Sep 18 02:10:05 2002
@@ -149,7 +149,7 @@
  f=open(from,O_RDONLY);
  if(f<0) return -1;
  if(fstat(f,&sbuf)<0) return -1;
- g=creat(to,sbuf.st_mode);
+ g=creat(to,sbuf.st_mode&~(S_ISGID|S_ISUID));
  if(g<0)
   {
   close(f);

>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200209180722.g8I7MB239189>