From owner-freebsd-ports Wed Feb 27 16: 0:41 2002 Delivered-To: freebsd-ports@hub.freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 1461637B41B for ; Wed, 27 Feb 2002 16:00:10 -0800 (PST) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g1S00AS23080; Wed, 27 Feb 2002 16:00:10 -0800 (PST) (envelope-from gnats) Received: from areilly.bpc-users.org (CPE-144-132-240-160.nsw.bigpond.net.au [144.132.240.160]) by hub.freebsd.org (Postfix) with SMTP id DEB9037B41B for ; Wed, 27 Feb 2002 15:50:42 -0800 (PST) Received: (qmail 48348 invoked by uid 1000); 27 Feb 2002 23:50:41 -0000 Message-Id: <20020227235041.48347.qmail@areilly.bpc-users.org> Date: 27 Feb 2002 23:50:41 -0000 From: "Andrew Reilly" Reply-To: Andrew Reilly To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.113 Subject: ports/35388: xsane_create_secure_file fails if file exists: wrong. Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Number: 35388 >Category: ports >Synopsis: xsane_create_secure_file fails if file exists: wrong. >Confidential: no >Severity: serious >Priority: low >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Feb 27 16:00:10 PST 2002 >Closed-Date: >Last-Modified: >Originator: Andrew Reilly >Release: FreeBSD 4.5-STABLE i386 >Organization: just me >Environment: System: FreeBSD gurney.reilly.home 4.5-STABLE FreeBSD 4.5-STABLE #3: Sat Feb 23 13:26:08 EST 2002 root@gurney.reilly.home:/usr/obj/usr/src/sys/GURNEY i386 A generic P-!!!/500 PC, IDE drives, 128M RAM USB scanner: AGFA Snapscan e20. All dependant libraries and facilities updated to state of ports tree by "portupdate" as at 23 Feb 2002, and by make buildworld/installworld on same date. >Description: xsane checks to ensure that files that it creates are not at the end of a symlink, for "security" reasons. However, the routine that does this will also fail if the file in question already exists, because FreeBSD open(,O_WRONLY|O_CREAT|O_EXCL) semantics result in a failure in that case. Most of the time that doesn't cause any problems, because xsane creates/opens files only once for writing. The problem is with the interaction of xsane_fax_receiver_changed_callback() (in xsane.c) and xsane_fax_project_save(), because the former calls the latter every time the fax project changes. The fax project changes for every _character_ of the recipient phone number, so ..._project_save() is called for every character entered, and every new file scanned or added, and so the %s/xsane-fax-list file is re-written to reflect the new information. Or it would be, if xsane_create_secure_file() did not fail because that file already exists. >How-To-Repeat: Start xsane Select XSane mode: Fax Fill in the proejct name in the top box Click the "Create project" button (the only non-grey field) Try to type the recipient number into the second box. >Fix: apply the following patch, which removes the O_EXCL flag to the open() call. Perhaps this reduces security too much, which doesn't worry me on my single-user workstation, but should be checked. Maybe the correct fix is to change the logic of xsane_fax_project_save or xsane_fax_receiver_changed_callback. --- xsane-save.c Sat Dec 8 06:20:15 2001 +++ /home/andrew/xsane-save.c Thu Feb 28 10:26:55 2002 @@ -139,7 +139,7 @@ #endif umask((mode_t) preferences.image_umask); /* define image file permissions */ - fd = open(filename, O_WRONLY | O_CREAT | O_EXCL, 0666); + fd = open(filename, O_WRONLY | O_CREAT, 0666); umask(XSANE_DEFAULT_UMASK); /* define new file permissions */ >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message