From owner-freebsd-security Fri Mar 14 14:53:49 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id OAA16807 for security-outgoing; Fri, 14 Mar 1997 14:53:49 -0800 (PST) Received: from sax.sax.de (sax.sax.de [193.175.26.33]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id OAA16759; Fri, 14 Mar 1997 14:52:38 -0800 (PST) Received: (from uucp@localhost) by sax.sax.de (8.6.12/8.6.12-s1) with UUCP id XAA14470; Fri, 14 Mar 1997 23:51:54 +0100 Received: (from j@localhost) by uriah.heep.sax.de (8.8.5/8.8.5) id XAA21664; Fri, 14 Mar 1997 23:49:32 +0100 (MET) Message-ID: <19970314234929.RN36549@uriah.heep.sax.de> Date: Fri, 14 Mar 1997 23:49:29 +0100 From: j@uriah.heep.sax.de (J Wunsch) To: schneider@zib.de (Wolfram Schneider) Cc: committers@freebsd.org, security@freebsd.org Subject: Re: ktrace security problem References: <199703141959.UAA09558@soft13.zib.de> X-Mailer: Mutt 0.60_p2-3,5,8-9 Mime-Version: 1.0 X-Phone: +49-351-2012 669 X-PGP-Fingerprint: DC 47 E6 E4 FF A6 E9 8F 93 21 E0 7D F9 12 D6 4E Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch) In-Reply-To: <199703141959.UAA09558@soft13.zib.de>; from Wolfram Schneider on Mar 14, 1997 20:59:03 +0100 Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk As Wolfram Schneider wrote: > Now the user wosch (I) can read all information from sendmail ;-( > IMHO ktrace should not overrides foreign ktrace.out files. Somebody please review this: cvs diff: Diffing /ktrace Index: ktrace/ktrace.c =================================================================== RCS file: /home/ncvs/src/usr.bin/ktrace/ktrace.c,v retrieving revision 1.8 diff -u -u -r1.8 ktrace.c --- ktrace.c 1997/02/22 19:55:27 1.8 +++ ktrace.c 1997/03/14 22:47:09 @@ -72,6 +72,7 @@ int append, ch, fd, inherit, ops, pid, pidset, trpoints; char *tracefile; mode_t omask; + struct stat sb; clear = NOTSET; append = ops = pidset = inherit = 0; @@ -140,8 +141,12 @@ } omask = umask(S_IRWXG|S_IRWXO); - if ((fd = open(tracefile, O_CREAT | O_WRONLY | (append ? 0 : O_TRUNC), - DEFFILEMODE)) < 0) + if (append) { + if (stat(tracefile, &sb) == 0 && sb.st_uid != getuid()) + errx(1, "Refuse to append to tracefile not owned by you"); + } else if (unlink(tracefile) == -1 && errno != ENOENT) + err(1, "Cannot unlink old tracefile"); + if ((fd = open(tracefile, O_CREAT | O_WRONLY, DEFFILEMODE)) < 0) err(1, tracefile); (void)umask(omask); (void)close(fd); -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE Never trust an operating system you don't have sources for. ;-)