Date: Tue, 21 Jul 1998 22:54:52 +0100 (IST) From: rotel@indigo.ie To: FreeBSD-gnats-submit@FreeBSD.ORG Subject: bin/7358: [PATCH] Security patches for locatedb etc Message-ID: <199807212154.WAA02317@indigo.ie>
next in thread | raw e-mail | index | archive | help
>Number: 7358 >Category: bin >Synopsis: [PATCH] Security patches for locatedb etc >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Jul 21 15:00:02 PDT 1998 >Last-Modified: >Originator: Niall Smart >Organization: >Release: FreeBSD 2.2.6-STABLE i386 >Environment: FreeBSD ginseng.indigo.ie 2.2.6-STABLE FreeBSD 2.2.6-STABLE #0: Fri Jul 3 19:59:15 IST 1998 root@ginseng.indigo.ie:/usr/src/stable/src/sys/compile/GINSENG i386 >Description: David Kelly (dkelly@hiwaay.net) brought up some security problems in the shell scripts used to make the locate databases some time ago; I sent patches to freebsd-security but they were never applied, here they are again. >How-To-Repeat: >Fix: >From owner-freebsd-security@FreeBSD.ORG Sat Apr 25 13:19:02 1998 From: Niall Smart <rotel@indigo.ie> Message-Id: <199804251210.NAA01265@indigo.ie> Date: Sat, 25 Apr 1998 13:10:25 +0000 In-Reply-To: David Kelly <dkelly@hiwaay.net> "Re: Symlinks again..." (Apr 24, 10:13pm) Reply-To: rotel@indigo.ie To: David Kelly <dkelly@hiwaay.net>, freebsd-security@FreeBSD.ORG Subject: Re: Symlinks again... Cc: wosch@FreeBSD.ORG, ncb05@uow.edu.au On Apr 24, 10:13pm, David Kelly wrote: } Subject: Re: Symlinks again... > > > > [ discussion of problem with temporary files in locate.* ] > > > > The code is still wrong though, an account is compromisable. I > > would submit a PR. mktemp(1) should be ported to -stable to make > > fixing/avoiding this type of thing easier. Any takers? > > It appears mktemp made it into RELENG_2_2 recently (I don't know how to > ask CVS yet). So maybe all that's left to do is fold it into the right > places? Oh, good. :) It was brought in last Saturday by obrien@freebsd.org, I hadn't checked. Here are the patches: *** /usr/src/usr.bin/locate/locate/mklocatedb.sh Sun Dec 21 16:43:09 1997 --- mklocatedb.sh Sat Apr 25 13:00:10 1998 *************** *** 30,53 **** # # $Id: mklocatedb.sh,v 1.2.2.1 1997/12/13 18:21:02 sef Exp $ - # The directory containing locate subprograms : ${LIBEXECDIR=/usr/libexec}; export LIBEXECDIR PATH=$LIBEXECDIR:/bin:/usr/bin:$PATH; export PATH ! umask 077 # protect temp files ! TMPDIR=${TMPDIR:-/tmp}; export TMPDIR ! if test X"$TMPDIR" = X -o ! -d "$TMPDIR"; then ! TMPDIR=/tmp; export TMPDIR fi # utilities to built locate database : ${bigram=locate.bigram} : ${code=locate.code} : ${sort=sort} sortopt="-u -T $TMPDIR" sortcmd=$sort --- 30,58 ---- # # $Id: mklocatedb.sh,v 1.2.2.1 1997/12/13 18:21:02 sef Exp $ # The directory containing locate subprograms : ${LIBEXECDIR=/usr/libexec}; export LIBEXECDIR PATH=$LIBEXECDIR:/bin:/usr/bin:$PATH; export PATH ! bigrams=`mktemp -t mklocatedb` ! filelist=`mktemp -t mklocatedb` ! if [ -z "$bigrams" -o -z "$filelist" ]; then ! echo "`basename $0`: cannot create temporary files (check \$TMPDIR)" >&2 ! exit 1 fi + trap 'rm -f $bigrams $filelist' 0 1 2 3 5 10 15 + # utilities to built locate database : ${bigram=locate.bigram} : ${code=locate.code} : ${sort=sort} + if [ -z "$TMPDIR" -o ! -d "$TMPDIR" -o ! -w "$TMPDIR" ]; then + TMPDIR=/tmp; export TMPDIR + fi sortopt="-u -T $TMPDIR" sortcmd=$sort *************** *** 56,68 **** case X"$1" in X-nosort|X-presort) sortcmd=cat; sortopt=;shift;; esac - - - bigrams=$TMPDIR/_mklocatedb$$.bigrams - filelist=$TMPDIR/_mklocatedb$$.list - - trap 'rm -f $bigrams $filelist' 0 1 2 3 5 10 15 - if $sortcmd $sortopt > $filelist; then $bigram < $filelist | $sort -nr | --- 61,66 ---- *** /usr/src/usr.bin/locate/locate/concatdb.sh Sun Dec 21 16:43:09 1997 --- concatdb.sh Sat Apr 25 12:52:56 1998 *************** *** 37,64 **** PATH=$LIBEXECDIR:/bin:/usr/bin:$PATH; export PATH - umask 077 # protect temp files - - TMPDIR=${TMPDIR:-/tmp}; export TMPDIR; - if test X"$TMPDIR" = X -o ! -d "$TMPDIR"; then - TMPDIR=/tmp; export TMPDIR - fi - # utilities to built locate database : ${bigram=locate.bigram} : ${code=locate.code} : ${sort=sort} : ${locate=locate} - case $# in ! [01]) echo 'usage: concatdb databases1 ... databaseN > newdb' exit 1 ;; esac - bigrams=$TMPDIR/_concatdb$$.bigrams trap 'rm -f $bigrams' 0 1 2 3 5 10 15 for db --- 37,60 ---- PATH=$LIBEXECDIR:/bin:/usr/bin:$PATH; export PATH # utilities to built locate database : ${bigram=locate.bigram} : ${code=locate.code} : ${sort=sort} : ${locate=locate} case $# in ! [01]) echo "usage: `basename $0` databases1 ... databaseN > newdb" >&2 exit 1 ;; esac + bigrams=`mktemp -t concatdb` + if [ -z "$bigrams" ]; then + echo "$0: cannot create temporary file (check \$TMPDIR)" >&2 + exit 1 + fi trap 'rm -f $bigrams' 0 1 2 3 5 10 15 for db *** /usr/src/usr.bin/locate/locate/updatedb.sh Sun Dec 21 16:43:09 1997 --- updatedb.sh Sat Apr 25 13:03:16 1998 *************** *** 35,60 **** # The directory containing locate subprograms : ${LIBEXECDIR=/usr/libexec}; export LIBEXECDIR - TMPDIR=${TMPDIR:-/tmp}; export TMPDIR - if test X"$TMPDIR" = X -o ! -d "$TMPDIR"; then - TMPDIR=/tmp; export TMPDIR - fi PATH=$LIBEXECDIR:/bin:/usr/bin:$PATH; export PATH ! : ${mklocatedb=locate.mklocatedb} # make locate database program ! : ${FCODES=/var/db/locate.database} # the database ! : ${SEARCHPATHS="/"} # directories to be put in the database ! : ${PRUNEPATHS="/tmp /usr/tmp /var/tmp"} # unwanted directories ! : ${FILESYSTEMS="ufs"} # allowed filesystems : ${find=find} case X"$SEARCHPATHS" in ! X) echo "$0: empty variable SEARCHPATHS"; exit 1;; esac case X"$FILESYSTEMS" in ! X) echo "$0: empty variable FILESYSTEMS"; exit 1;; esac # Make a list a paths to exclude in the locate run excludes="! (" or="" for fstype in $FILESYSTEMS --- 35,61 ---- # The directory containing locate subprograms : ${LIBEXECDIR=/usr/libexec}; export LIBEXECDIR PATH=$LIBEXECDIR:/bin:/usr/bin:$PATH; export PATH ! : ${mklocatedb=locate.mklocatedb} # make locate database program ! : ${FCODES=/var/db/locate.database} # the database ! : ${SEARCHPATHS="/"} # directories to be put in the database ! : ${PRUNEPATHS="/tmp /usr/tmp /var/tmp"} # unwanted directories ! : ${FILESYSTEMS="ufs"} # allowed filesystems : ${find=find} case X"$SEARCHPATHS" in ! X) echo "`basename $0`: empty variable SEARCHPATHS" >&2; exit 1;; esac case X"$FILESYSTEMS" in ! X) echo "`basename $0`: empty variable FILESYSTEMS" >&2; exit 1;; esac + if [ "`id -un`" != "nobody" ]; then + echo "`basename $0`: this script should be run as the user \"nobody\"" >&2 + exit 1; + fi + # Make a list a paths to exclude in the locate run excludes="! (" or="" for fstype in $FILESYSTEMS *************** *** 72,78 **** done;; esac ! tmp=$TMPDIR/_updatedb$$ trap 'rm -f $tmp' 0 1 2 3 5 10 15 # search locally --- 73,84 ---- done;; esac ! tmp=`mktemp -t updatedb` ! if [ -z "$tmp" ]; then ! echo "`basename $0`: cannot create temporary file (check \$TMPDIR)" >&2 ! exit 1 ! fi ! trap 'rm -f $tmp' 0 1 2 3 5 10 15 # search locally *************** *** 82,88 **** then case X"`$find $tmp -size -257c -print`" in X) cat $tmp > $FCODES;; ! *) echo "updatedb: locate database $tmp is empty" exit 1 esac fi --- 88,96 ---- then case X"`$find $tmp -size -257c -print`" in X) cat $tmp > $FCODES;; ! *) echo "`basename $0`: locate database $tmp is empty" >&2 exit 1 esac fi + + chmod 444 $FCODES >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199807212154.WAA02317>