Date: Tue, 21 Jul 1998 22:54:52 +0100 (IST) From: rotel@indigo.ie To: FreeBSD-gnats-submit@FreeBSD.ORG Subject: bin/7358: [PATCH] Security patches for locatedb etc Message-ID: <199807212154.WAA02317@indigo.ie>
next in thread | raw e-mail | index | archive | help
>Number: 7358
>Category: bin
>Synopsis: [PATCH] Security patches for locatedb etc
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Jul 21 15:00:02 PDT 1998
>Last-Modified:
>Originator: Niall Smart
>Organization:
>Release: FreeBSD 2.2.6-STABLE i386
>Environment:
FreeBSD ginseng.indigo.ie 2.2.6-STABLE FreeBSD 2.2.6-STABLE #0: Fri Jul 3 19:59:15 IST 1998 root@ginseng.indigo.ie:/usr/src/stable/src/sys/compile/GINSENG i386
>Description:
David Kelly (dkelly@hiwaay.net) brought up some security problems in
the shell scripts used to make the locate databases some time ago; I
sent patches to freebsd-security but they were never applied, here
they are again.
>How-To-Repeat:
>Fix:
>From owner-freebsd-security@FreeBSD.ORG Sat Apr 25 13:19:02 1998
From: Niall Smart <rotel@indigo.ie>
Message-Id: <199804251210.NAA01265@indigo.ie>
Date: Sat, 25 Apr 1998 13:10:25 +0000
In-Reply-To: David Kelly <dkelly@hiwaay.net>
"Re: Symlinks again..." (Apr 24, 10:13pm)
Reply-To: rotel@indigo.ie
To: David Kelly <dkelly@hiwaay.net>, freebsd-security@FreeBSD.ORG
Subject: Re: Symlinks again...
Cc: wosch@FreeBSD.ORG, ncb05@uow.edu.au
On Apr 24, 10:13pm, David Kelly wrote:
} Subject: Re: Symlinks again...
> >
> > [ discussion of problem with temporary files in locate.* ]
> >
> > The code is still wrong though, an account is compromisable. I
> > would submit a PR. mktemp(1) should be ported to -stable to make
> > fixing/avoiding this type of thing easier. Any takers?
>
> It appears mktemp made it into RELENG_2_2 recently (I don't know how to
> ask CVS yet). So maybe all that's left to do is fold it into the right
> places?
Oh, good. :) It was brought in last Saturday by obrien@freebsd.org, I
hadn't checked. Here are the patches:
*** /usr/src/usr.bin/locate/locate/mklocatedb.sh Sun Dec 21 16:43:09 1997
--- mklocatedb.sh Sat Apr 25 13:00:10 1998
***************
*** 30,53 ****
#
# $Id: mklocatedb.sh,v 1.2.2.1 1997/12/13 18:21:02 sef Exp $
-
# The directory containing locate subprograms
: ${LIBEXECDIR=/usr/libexec}; export LIBEXECDIR
PATH=$LIBEXECDIR:/bin:/usr/bin:$PATH; export PATH
! umask 077 # protect temp files
! TMPDIR=${TMPDIR:-/tmp}; export TMPDIR
! if test X"$TMPDIR" = X -o ! -d "$TMPDIR"; then
! TMPDIR=/tmp; export TMPDIR
fi
# utilities to built locate database
: ${bigram=locate.bigram}
: ${code=locate.code}
: ${sort=sort}
sortopt="-u -T $TMPDIR"
sortcmd=$sort
--- 30,58 ----
#
# $Id: mklocatedb.sh,v 1.2.2.1 1997/12/13 18:21:02 sef Exp $
# The directory containing locate subprograms
: ${LIBEXECDIR=/usr/libexec}; export LIBEXECDIR
PATH=$LIBEXECDIR:/bin:/usr/bin:$PATH; export PATH
! bigrams=`mktemp -t mklocatedb`
! filelist=`mktemp -t mklocatedb`
! if [ -z "$bigrams" -o -z "$filelist" ]; then
! echo "`basename $0`: cannot create temporary files (check \$TMPDIR)" >&2
! exit 1
fi
+ trap 'rm -f $bigrams $filelist' 0 1 2 3 5 10 15
+
# utilities to built locate database
: ${bigram=locate.bigram}
: ${code=locate.code}
: ${sort=sort}
+ if [ -z "$TMPDIR" -o ! -d "$TMPDIR" -o ! -w "$TMPDIR" ]; then
+ TMPDIR=/tmp; export TMPDIR
+ fi
sortopt="-u -T $TMPDIR"
sortcmd=$sort
***************
*** 56,68 ****
case X"$1" in
X-nosort|X-presort) sortcmd=cat; sortopt=;shift;;
esac
-
-
- bigrams=$TMPDIR/_mklocatedb$$.bigrams
- filelist=$TMPDIR/_mklocatedb$$.list
-
- trap 'rm -f $bigrams $filelist' 0 1 2 3 5 10 15
-
if $sortcmd $sortopt > $filelist; then
$bigram < $filelist | $sort -nr |
--- 61,66 ----
*** /usr/src/usr.bin/locate/locate/concatdb.sh Sun Dec 21 16:43:09 1997
--- concatdb.sh Sat Apr 25 12:52:56 1998
***************
*** 37,64 ****
PATH=$LIBEXECDIR:/bin:/usr/bin:$PATH; export PATH
- umask 077 # protect temp files
-
- TMPDIR=${TMPDIR:-/tmp}; export TMPDIR;
- if test X"$TMPDIR" = X -o ! -d "$TMPDIR"; then
- TMPDIR=/tmp; export TMPDIR
- fi
-
# utilities to built locate database
: ${bigram=locate.bigram}
: ${code=locate.code}
: ${sort=sort}
: ${locate=locate}
-
case $# in
! [01]) echo 'usage: concatdb databases1 ... databaseN > newdb'
exit 1
;;
esac
- bigrams=$TMPDIR/_concatdb$$.bigrams
trap 'rm -f $bigrams' 0 1 2 3 5 10 15
for db
--- 37,60 ----
PATH=$LIBEXECDIR:/bin:/usr/bin:$PATH; export PATH
# utilities to built locate database
: ${bigram=locate.bigram}
: ${code=locate.code}
: ${sort=sort}
: ${locate=locate}
case $# in
! [01]) echo "usage: `basename $0` databases1 ... databaseN > newdb" >&2
exit 1
;;
esac
+ bigrams=`mktemp -t concatdb`
+ if [ -z "$bigrams" ]; then
+ echo "$0: cannot create temporary file (check \$TMPDIR)" >&2
+ exit 1
+ fi
trap 'rm -f $bigrams' 0 1 2 3 5 10 15
for db
*** /usr/src/usr.bin/locate/locate/updatedb.sh Sun Dec 21 16:43:09 1997
--- updatedb.sh Sat Apr 25 13:03:16 1998
***************
*** 35,60 ****
# The directory containing locate subprograms
: ${LIBEXECDIR=/usr/libexec}; export LIBEXECDIR
- TMPDIR=${TMPDIR:-/tmp}; export TMPDIR
- if test X"$TMPDIR" = X -o ! -d "$TMPDIR"; then
- TMPDIR=/tmp; export TMPDIR
- fi
PATH=$LIBEXECDIR:/bin:/usr/bin:$PATH; export PATH
! : ${mklocatedb=locate.mklocatedb} # make locate database program
! : ${FCODES=/var/db/locate.database} # the database
! : ${SEARCHPATHS="/"} # directories to be put in the database
! : ${PRUNEPATHS="/tmp /usr/tmp /var/tmp"} # unwanted directories
! : ${FILESYSTEMS="ufs"} # allowed filesystems
: ${find=find}
case X"$SEARCHPATHS" in
! X) echo "$0: empty variable SEARCHPATHS"; exit 1;; esac
case X"$FILESYSTEMS" in
! X) echo "$0: empty variable FILESYSTEMS"; exit 1;; esac
# Make a list a paths to exclude in the locate run
excludes="! (" or=""
for fstype in $FILESYSTEMS
--- 35,61 ----
# The directory containing locate subprograms
: ${LIBEXECDIR=/usr/libexec}; export LIBEXECDIR
PATH=$LIBEXECDIR:/bin:/usr/bin:$PATH; export PATH
! : ${mklocatedb=locate.mklocatedb} # make locate database program
! : ${FCODES=/var/db/locate.database} # the database
! : ${SEARCHPATHS="/"} # directories to be put in the database
! : ${PRUNEPATHS="/tmp /usr/tmp /var/tmp"} # unwanted directories
! : ${FILESYSTEMS="ufs"} # allowed filesystems
: ${find=find}
case X"$SEARCHPATHS" in
! X) echo "`basename $0`: empty variable SEARCHPATHS" >&2; exit 1;; esac
case X"$FILESYSTEMS" in
! X) echo "`basename $0`: empty variable FILESYSTEMS" >&2; exit 1;; esac
+ if [ "`id -un`" != "nobody" ]; then
+ echo "`basename $0`: this script should be run as the user \"nobody\"" >&2
+ exit 1;
+ fi
+
# Make a list a paths to exclude in the locate run
excludes="! (" or=""
for fstype in $FILESYSTEMS
***************
*** 72,78 ****
done;;
esac
! tmp=$TMPDIR/_updatedb$$
trap 'rm -f $tmp' 0 1 2 3 5 10 15
# search locally
--- 73,84 ----
done;;
esac
! tmp=`mktemp -t updatedb`
! if [ -z "$tmp" ]; then
! echo "`basename $0`: cannot create temporary file (check \$TMPDIR)" >&2
! exit 1
! fi
!
trap 'rm -f $tmp' 0 1 2 3 5 10 15
# search locally
***************
*** 82,88 ****
then
case X"`$find $tmp -size -257c -print`" in
X) cat $tmp > $FCODES;;
! *) echo "updatedb: locate database $tmp is empty"
exit 1
esac
fi
--- 88,96 ----
then
case X"`$find $tmp -size -257c -print`" in
X) cat $tmp > $FCODES;;
! *) echo "`basename $0`: locate database $tmp is empty" >&2
exit 1
esac
fi
+
+ chmod 444 $FCODES
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199807212154.WAA02317>