From owner-freebsd-security Sat Feb 23 18: 7:53 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail.westbend.net (ns1.westbend.net [216.47.253.3]) by hub.freebsd.org (Postfix) with ESMTP id 516DA37B400 for ; Sat, 23 Feb 2002 18:07:44 -0800 (PST) Received: from admin0 (admin0.westbend.net [216.47.253.17]) by mail.westbend.net (8.11.6/8.11.6) with ESMTP id g1O27eX40986 for ; Sat, 23 Feb 2002 20:07:40 -0600 (CST) (envelope-from hetzels@westbend.net) Message-ID: <008d01c1bcd7$e6f39c40$11fd2fd8@westbend.net> From: "Scot W. Hetzel" To: "'freebsd-security@freebsd.org'" References: <20020222152529.A16356@xor.obsecurity.org> <20020222152714.B16356@xor.obsecurity.org> <000501c1bcab$84ff2df0$1efd2fd8@westbend.net> <20020223161724.A32157@xor.obsecurity.org> Subject: Re: RE: Third /tmp location ? Date: Sat, 23 Feb 2002 20:06:41 -0600 Organization: West Bend Interent MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 X-Virus-Scanned: by amavisd-milter (http://amavis.org/) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >On Sat, Feb 23, 2002 at 02:48:52PM -0600, Scot W. Hetzel wrote: >> How about patching find_play_pen to set a variable to say that /usr/tmp was >> created by the pkg_install tools and then when the pkg_install tools call >> leave_playpen, /usr/tmp is removed only if the variable is set. > >That might be the best idea. > >> attached is a untested patch for pen.c. > >It's best to include patches directly so they can be read inline, but >thanks..I'll try and take a look at it. > Here's the patch inline for others to review: Index: pen.c =================================================================== RCS file: /home/ncvs/src/usr.sbin/pkg_install/lib/pen.c,v retrieving revision 1.31.2.6 diff -u -r1.31.2.6 pen.c --- pen.c 22 Nov 2001 17:40:36 -0000 1.31.2.6 +++ pen.c 23 Feb 2002 20:34:31 -0000 @@ -34,6 +34,9 @@ static char PenLocation[FILENAME_MAX]; static char Previous[FILENAME_MAX]; +/* did we create the /usr/tmp directory */ +static int create_usr_tmp; + char * where_playpen(void) { @@ -47,6 +50,8 @@ char *cp; struct stat sb; + create_usr_tmp=0; + if (pen[0] && isdir(dirname(pen)) == TRUE && (min_free(dirname(pen)) >= sz)) return pen; else if ((cp = getenv("PKG_TMPDIR")) != NULL && stat(cp, &sb) != FAIL && (min_free(cp) >= sz)) @@ -57,9 +62,12 @@ strcpy(pen, "/var/tmp/instmp.XXXXXX"); else if (stat("/tmp", &sb) != FAIL && min_free("/tmp") >= sz) strcpy(pen, "/tmp/instmp.XXXXXX"); - else if ((stat("/usr/tmp", &sb) == SUCCESS || mkdir("/usr/tmp", 01777) == SUCCESS) && min_free("/usr/tmp") >= sz) + else if (stat("/usr/tmp", &sb) == SUCCESS && min_free("/usr/tmp") >= sz) { strcpy(pen, "/usr/tmp/instmp.XXXXXX"); - else { + } else if (mkdir("/usr/tmp", 01777) == SUCCESS && min_free("/usr/tmp") >= sz) { + strcpy(pen, "/usr/tmp/instmp.XXXXXX"); + create_usr_tmp=1; + } else { cleanup(0); errx(2, __FUNCTION__ ": can't find enough temporary space to extract the files, please set your\n" @@ -161,6 +169,10 @@ if (PenLocation[0] == '/' && vsystem("rm -rf %s", PenLocation)) warnx("couldn't remove temporary dir '%s'", PenLocation); popPen(PenLocation); + } + if (create_usr_tmp) { + if ( rmdir(/usr/tmp") == FAIL ) + warnx("couldn't remove /usr/tmp"); } signal(SIGINT, oldsig); } To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message