From owner-freebsd-audit Tue Apr 24 18:58:36 2001 Delivered-To: freebsd-audit@freebsd.org Received: from assaris.sics.se (dhcp102.iss.kth.se [130.237.7.102]) by hub.freebsd.org (Postfix) with ESMTP id ADA3037B423 for ; Tue, 24 Apr 2001 18:58:23 -0700 (PDT) (envelope-from assar@assaris.sics.se) Received: (from assar@localhost) by assaris.sics.se (8.9.3/8.9.3) id DAA18428; Wed, 25 Apr 2001 03:58:39 +0200 (CEST) (envelope-from assar) From: assar@freebsd.org To: Kris Kennaway Cc: "Andrew R. Reiter" , freebsd-audit@freebsd.org Subject: Re: audit work: kerberosIV References: <20010424175955.B95577@xor.obsecurity.org> Date: 25 Apr 2001 03:58:39 +0200 In-Reply-To: Kris Kennaway's message of "Tue, 24 Apr 2001 17:59:55 -0700" Message-ID: <5litjt3flc.fsf@assaris.sics.se> Lines: 25 User-Agent: Gnus/5.070098 (Pterodactyl Gnus v0.98) Emacs/20.6 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --=-=-= Kris Kennaway writes: > Sounds good. Bouncing a copy of this to Assar for evaluation of > inclusion in the vendor distribution. Thanks for the copy Kris, I haven't had the time lately to keep up with -audit traffic. Andrew: in the development code of krb4, most calls to setenv() are replaced with calls to esetenv() (which just calls errx() if the setenv fails). For obvious reasons, I would prefer merging the fix that's in the vendor distribution instead. I hope that's ok with you? Patches follow. /assar > On Tue, Apr 24, 2001 at 05:52:31PM -0400, Andrew R. Reiter wrote: > > did some more sync up patches for obsd->fbsd. most all of it is just > > simply doing return value checking from setenv(3). the patches can be > > found at: http://www.watson.org/~arr/fbsd-audit/crypto/kerberosIV/ --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=kdiff Index: appl/afsutil/pagsh.c =================================================================== RCS file: /afs/pdc.kth.se/src/packages/kth-krb/SourceRepository/krb4/appl/afsutil/pagsh.c,v retrieving revision 1.22 retrieving revision 1.24 diff -u -w -r1.22 -r1.24 --- appl/afsutil/pagsh.c 1999/12/02 16:58:28 1.22 +++ appl/afsutil/pagsh.c 2001/02/20 23:11:33 1.24 @@ -76,7 +78,7 @@ } while(f < 0); close(f); unlink(tf); - setenv("KRBTKFILE", tf, 1); + esetenv("KRBTKFILE", tf, 1); i = 0; Index: appl/bsd/login.c =================================================================== RCS file: /afs/pdc.kth.se/src/packages/kth-krb/SourceRepository/krb4/appl/bsd/login.c,v retrieving revision 1.125 retrieving revision 1.132 diff -u -w -r1.125 -r1.132 --- appl/bsd/login.c 1999/11/30 19:24:01 1.125 +++ appl/bsd/login.c 2001/02/20 23:07:50 1.132 @@ -659,7 +665,7 @@ sysv_newenv(argc, argv, pwd, term, pflag); #ifdef KERBEROS if (krbtkfile_env) - setenv("KRBTKFILE", krbtkfile_env, 1); + esetenv("KRBTKFILE", krbtkfile_env, 1); #endif if (tty[sizeof("tty")-1] == 'd') Index: appl/bsd/su.c =================================================================== RCS file: /afs/pdc.kth.se/src/packages/kth-krb/SourceRepository/krb4/appl/bsd/su.c,v retrieving revision 1.70 retrieving revision 1.76 diff -u -w -r1.70 -r1.76 --- appl/bsd/su.c 1999/11/13 06:14:11 1.70 +++ appl/bsd/su.c 2001/02/20 23:07:52 1.76 @@ -240,18 +260,18 @@ if (environ == NULL) err (1, "malloc"); environ[0] = NULL; - setenv ("PATH", _PATH_DEFPATH, 1); + esetenv ("PATH", _PATH_DEFPATH, 1); if (t) - setenv ("TERM", t, 1); + esetenv ("TERM", t, 1); if (k) - setenv ("KRBTKFILE", k, 1); + esetenv ("KRBTKFILE", k, 1); if (chdir (pwd->pw_dir) < 0) errx (1, "no directory"); } if (asthem || pwd->pw_uid) - setenv ("USER", pwd->pw_name, 1); - setenv ("HOME", pwd->pw_dir, 1); - setenv ("SHELL", shell, 1); + esetenv ("USER", pwd->pw_name, 1); + esetenv ("HOME", pwd->pw_dir, 1); + esetenv ("SHELL", shell, 1); } if (iscsh == YES) { if (fastlogin) @@ -343,7 +370,7 @@ "%s_%s_to_%s_%u", TKT_ROOT, username, user, (unsigned) getpid ()); - setenv ("KRBTKFILE", krbtkfile, 1); + esetenv ("KRBTKFILE", krbtkfile, 1); krb_set_tkt_string (krbtkfile); /* * Set real as well as effective ID to 0 for the moment, Index: appl/bsd/sysv_environ.c =================================================================== RCS file: /afs/pdc.kth.se/src/packages/kth-krb/SourceRepository/krb4/appl/bsd/sysv_environ.c,v retrieving revision 1.23 retrieving revision 1.24 diff -u -w -r1.23 -r1.24 --- appl/bsd/sysv_environ.c 1997/12/14 23:50:44 1.23 +++ appl/bsd/sysv_environ.c 2000/10/02 05:35:56 1.24 @@ -36,7 +36,7 @@ if (val == NULL) continue; *val = '\0'; - setenv(buf, val + 1, 1); + esetenv(buf, val + 1, 1); } fclose (f); } @@ -110,12 +110,12 @@ for (pp = preserved; pp->name; pp++) if (pp->value) - setenv(pp->name, pp->value, 1); + esetenv(pp->name, pp->value, 1); /* The TERM definition from e.g. rlogind can override an existing one. */ if (term[0]) - setenv("TERM", term, 1); + esetenv("TERM", term, 1); /* * Environment definitions from the command line overrule existing ones, @@ -130,7 +130,7 @@ while (argc && *argv) { if (strchr(*argv, '=') == 0) { snprintf(buf, sizeof(buf), "L%d", count++); - setenv(buf, *argv, 1); + esetenv(buf, *argv, 1); } else { for (cp = censored; cp->prefix; cp++) if (STREQN(*argv, cp->prefix, cp->length)) @@ -143,20 +143,20 @@ /* PATH is always reset. */ - setenv("PATH", pwd->pw_uid ? default_path : default_supath, 1); + esetenv("PATH", pwd->pw_uid ? default_path : default_supath, 1); /* Undocumented: HOME, MAIL and LOGNAME are always reset (SunOS 5.1). */ - setenv("HOME", pwd->pw_dir, 1); + esetenv("HOME", pwd->pw_dir, 1); { char *sep = "/"; if(KRB4_MAILDIR[strlen(KRB4_MAILDIR) - 1] == '/') sep = ""; roken_concat(buf, sizeof(buf), KRB4_MAILDIR, sep, pwd->pw_name, NULL); } - setenv("MAIL", buf, 1); - setenv("LOGNAME", pwd->pw_name, 1); - setenv("USER", pwd->pw_name, 1); + esetenv("MAIL", buf, 1); + esetenv("LOGNAME", pwd->pw_name, 1); + esetenv("USER", pwd->pw_name, 1); /* * Variables that may be set according to specifications in the defaults @@ -167,11 +167,11 @@ */ if (strcasecmp(default_altsh, "YES") == 0) - setenv("SHELL", pwd->pw_shell, 1); + esetenv("SHELL", pwd->pw_shell, 1); if (default_hz) - setenv("HZ", default_hz, 0); + esetenv("HZ", default_hz, 0); if (default_timezone) - setenv("TZ", default_timezone, 0); + esetenv("TZ", default_timezone, 0); /* Non-environment stuff. */ Index: appl/kauth/kauth.c =================================================================== RCS file: /afs/pdc.kth.se/src/packages/kth-krb/SourceRepository/appl/kauth/kauth.c,v retrieving revision 1.97 retrieving revision 1.101 diff -u -w -r1.97 -r1.101 --- appl/kauth/kauth.c 1999/12/02 16:58:31 1.97 +++ appl/kauth/kauth.c 2001/02/20 01:44:44 1.101 @@ -316,7 +314,7 @@ }while(f < 0); close(f); unlink(tf); - setenv("KRBTKFILE", tf, 1); + esetenv("KRBTKFILE", tf, 1); krb_set_tkt_string (tf); } Index: appl/telnet/libtelnet/kerberos.c =================================================================== RCS file: /afs/pdc.kth.se/src/packages/kth-krb/SourceRepository/appl/telnet/libtelnet/kerberos.c,v retrieving revision 1.46 retrieving revision 1.51 diff -u -w -r1.46 -r1.51 --- appl/telnet/libtelnet/kerberos.c 1999/09/16 20:41:33 1.46 +++ appl/telnet/libtelnet/kerberos.c 2001/02/15 04:20:52 1.51 @@ -331,7 +331,7 @@ "%s%u", TKT_ROOT, (unsigned)pw->pw_uid); - setenv("KRBTKFILE", ts, 1); + esetenv("KRBTKFILE", ts, 1); if (pw->pw_uid == 0) syslog(LOG_INFO|LOG_AUTH, Index: appl/telnet/telnetd/state.c =================================================================== RCS file: /afs/pdc.kth.se/src/packages/kth-krb/SourceRepository/appl/telnet/telnetd/state.c,v retrieving revision 1.13 retrieving revision 1.14 diff -u -w -r1.13 -r1.14 --- appl/telnet/telnetd/state.c 1999/05/13 23:12:50 1.13 +++ appl/telnet/telnetd/state.c 2000/10/02 05:06:02 1.14 @@ -1016,7 +1016,7 @@ return; settimer(xdisplocsubopt); subpointer[SB_LEN()] = '\0'; - setenv("DISPLAY", (char *)subpointer, 1); + esetenv("DISPLAY", (char *)subpointer, 1); break; } /* end of case TELOPT_XDISPLOC */ @@ -1183,7 +1183,7 @@ case ENV_USERVAR: *cp = '\0'; if (valp) - setenv(varp, valp, 1); + esetenv(varp, valp, 1); else unsetenv(varp); cp = varp = (char *)subpointer; @@ -1202,7 +1202,7 @@ } *cp = '\0'; if (valp) - setenv(varp, valp, 1); + esetenv(varp, valp, 1); else unsetenv(varp); break; Index: appl/telnet/telnetd/telnetd.c =================================================================== RCS file: /afs/pdc.kth.se/src/packages/kth-krb/SourceRepository/appl/telnet/telnetd/telnetd.c,v retrieving revision 1.58 retrieving revision 1.64 diff -u -w -r1.58 -r1.64 --- appl/telnet/telnetd/telnetd.c 1999/11/13 06:31:04 1.58 +++ appl/telnet/telnetd/telnetd.c 2001/02/08 16:06:27 1.64 @@ -776,7 +739,7 @@ */ *user_name = 0; level = getterminaltype(user_name, sizeof(user_name)); - setenv("TERM", terminaltype ? terminaltype : "network", 1); + esetenv("TERM", terminaltype ? terminaltype : "network", 1); #ifdef _SC_CRAY_SECURE_SYS if (secflag) { Index: lib/auth/afskauthlib/verify.c =================================================================== RCS file: /afs/pdc.kth.se/src/packages/kth-krb/SourceRepository/lib/auth/afskauthlib/verify.c,v retrieving revision 1.20 retrieving revision 1.24 diff -u -w -r1.20 -r1.24 --- lib/auth/afskauthlib/verify.c 1999/12/02 16:58:37 1.20 +++ lib/auth/afskauthlib/verify.c 2000/12/31 07:57:08 1.24 @@ -277,10 +290,10 @@ } } #ifdef KRB5 - setenv("KRB5CCNAME",krb5ccname,1); + esetenv("KRB5CCNAME",krb5ccname,1); #endif #ifdef KRB4 - setenv("KRBTKFILE",krbtkfile,1); + esetenv("KRBTKFILE",krbtkfile,1); return krbtkfile; #else return ""; --=-=-= --=-=-= Content-Type: text/x-patch; charset=iso-8859-1 Content-Disposition: attachment; filename=esetenv.c Content-Transfer-Encoding: 8bit Index: esetenv.c =================================================================== RCS file: esetenv.c diff -N esetenv.c --- /dev/null Wed Apr 25 03:51:31 2001 +++ /tmp/cvsLAAabzfBa Wed Apr 25 03:51:32 2001 @@ -0,0 +1,48 @@ +/* + * Copyright (c) 2000, 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: esetenv.c,v 1.3 2001/01/27 05:28:38 assar Exp $"); +#endif + +#include "roken.h" + +#include + +void +esetenv(const char *var, const char *val, int rewrite) +{ + if (setenv ((char *)var, (char *)val, rewrite)) + errx (1, "failed setting environment variable %s", var); +} --=-=-=-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message