From owner-freebsd-security Sat Apr 25 05:12:21 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id FAA17990 for freebsd-security-outgoing; Sat, 25 Apr 1998 05:12:21 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from indigo.ie (nsmart@ts01-43.waterford.indigo.ie [194.125.139.106]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id FAA17982; Sat, 25 Apr 1998 05:12:11 -0700 (PDT) (envelope-from rotel@indigo.ie) Received: (from nsmart@localhost) by indigo.ie (8.8.8/8.8.7) id NAA01265; Sat, 25 Apr 1998 13:10:25 +0100 (IST) (envelope-from rotel@indigo.ie) From: Niall Smart Message-Id: <199804251210.NAA01265@indigo.ie> Date: Sat, 25 Apr 1998 13:10:25 +0000 In-Reply-To: David Kelly "Re: Symlinks again..." (Apr 24, 10:13pm) Reply-To: rotel@indigo.ie X-Mailer: Mail User's Shell (7.2.6 beta(3) 11/17/96) To: David Kelly , freebsd-security@FreeBSD.ORG Subject: Re: Symlinks again... Cc: wosch@FreeBSD.ORG, ncb05@uow.edu.au Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk On Apr 24, 10:13pm, David Kelly wrote: } Subject: Re: Symlinks again... > > > > [ discussion of problem with temporary files in locate.* ] > > > > The code is still wrong though, an account is compromisable. I > > would submit a PR. mktemp(1) should be ported to -stable to make > > fixing/avoiding this type of thing easier. Any takers? > > It appears mktemp made it into RELENG_2_2 recently (I don't know how to > ask CVS yet). So maybe all that's left to do is fold it into the right > places? Oh, good. :) It was brought in last Saturday by obrien@freebsd.org, I hadn't checked. Here are the patches: *** /usr/src/usr.bin/locate/locate/mklocatedb.sh Sun Dec 21 16:43:09 1997 --- mklocatedb.sh Sat Apr 25 13:00:10 1998 *************** *** 30,53 **** # # $Id: mklocatedb.sh,v 1.2.2.1 1997/12/13 18:21:02 sef Exp $ - # The directory containing locate subprograms : ${LIBEXECDIR=/usr/libexec}; export LIBEXECDIR PATH=$LIBEXECDIR:/bin:/usr/bin:$PATH; export PATH ! umask 077 # protect temp files ! TMPDIR=${TMPDIR:-/tmp}; export TMPDIR ! if test X"$TMPDIR" = X -o ! -d "$TMPDIR"; then ! TMPDIR=/tmp; export TMPDIR fi # utilities to built locate database : ${bigram=locate.bigram} : ${code=locate.code} : ${sort=sort} sortopt="-u -T $TMPDIR" sortcmd=$sort --- 30,58 ---- # # $Id: mklocatedb.sh,v 1.2.2.1 1997/12/13 18:21:02 sef Exp $ # The directory containing locate subprograms : ${LIBEXECDIR=/usr/libexec}; export LIBEXECDIR PATH=$LIBEXECDIR:/bin:/usr/bin:$PATH; export PATH ! bigrams=`mktemp -t mklocatedb` ! filelist=`mktemp -t mklocatedb` ! if [ -z "$bigrams" -o -z "$filelist" ]; then ! echo "`basename $0`: cannot create temporary files (check \$TMPDIR)" >&2 ! exit 1 fi + trap 'rm -f $bigrams $filelist' 0 1 2 3 5 10 15 + # utilities to built locate database : ${bigram=locate.bigram} : ${code=locate.code} : ${sort=sort} + if [ -z "$TMPDIR" -o ! -d "$TMPDIR" -o ! -w "$TMPDIR" ]; then + TMPDIR=/tmp; export TMPDIR + fi sortopt="-u -T $TMPDIR" sortcmd=$sort *************** *** 56,68 **** case X"$1" in X-nosort|X-presort) sortcmd=cat; sortopt=;shift;; esac - - - bigrams=$TMPDIR/_mklocatedb$$.bigrams - filelist=$TMPDIR/_mklocatedb$$.list - - trap 'rm -f $bigrams $filelist' 0 1 2 3 5 10 15 - if $sortcmd $sortopt > $filelist; then $bigram < $filelist | $sort -nr | --- 61,66 ---- *** /usr/src/usr.bin/locate/locate/concatdb.sh Sun Dec 21 16:43:09 1997 --- concatdb.sh Sat Apr 25 12:52:56 1998 *************** *** 37,64 **** PATH=$LIBEXECDIR:/bin:/usr/bin:$PATH; export PATH - umask 077 # protect temp files - - TMPDIR=${TMPDIR:-/tmp}; export TMPDIR; - if test X"$TMPDIR" = X -o ! -d "$TMPDIR"; then - TMPDIR=/tmp; export TMPDIR - fi - # utilities to built locate database : ${bigram=locate.bigram} : ${code=locate.code} : ${sort=sort} : ${locate=locate} - case $# in ! [01]) echo 'usage: concatdb databases1 ... databaseN > newdb' exit 1 ;; esac - bigrams=$TMPDIR/_concatdb$$.bigrams trap 'rm -f $bigrams' 0 1 2 3 5 10 15 for db --- 37,60 ---- PATH=$LIBEXECDIR:/bin:/usr/bin:$PATH; export PATH # utilities to built locate database : ${bigram=locate.bigram} : ${code=locate.code} : ${sort=sort} : ${locate=locate} case $# in ! [01]) echo "usage: `basename $0` databases1 ... databaseN > newdb" >&2 exit 1 ;; esac + bigrams=`mktemp -t concatdb` + if [ -z "$bigrams" ]; then + echo "$0: cannot create temporary file (check \$TMPDIR)" >&2 + exit 1 + fi trap 'rm -f $bigrams' 0 1 2 3 5 10 15 for db *** /usr/src/usr.bin/locate/locate/updatedb.sh Sun Dec 21 16:43:09 1997 --- updatedb.sh Sat Apr 25 13:03:16 1998 *************** *** 35,60 **** # The directory containing locate subprograms : ${LIBEXECDIR=/usr/libexec}; export LIBEXECDIR - TMPDIR=${TMPDIR:-/tmp}; export TMPDIR - if test X"$TMPDIR" = X -o ! -d "$TMPDIR"; then - TMPDIR=/tmp; export TMPDIR - fi PATH=$LIBEXECDIR:/bin:/usr/bin:$PATH; export PATH ! : ${mklocatedb=locate.mklocatedb} # make locate database program ! : ${FCODES=/var/db/locate.database} # the database ! : ${SEARCHPATHS="/"} # directories to be put in the database ! : ${PRUNEPATHS="/tmp /usr/tmp /var/tmp"} # unwanted directories ! : ${FILESYSTEMS="ufs"} # allowed filesystems : ${find=find} case X"$SEARCHPATHS" in ! X) echo "$0: empty variable SEARCHPATHS"; exit 1;; esac case X"$FILESYSTEMS" in ! X) echo "$0: empty variable FILESYSTEMS"; exit 1;; esac # Make a list a paths to exclude in the locate run excludes="! (" or="" for fstype in $FILESYSTEMS --- 35,61 ---- # The directory containing locate subprograms : ${LIBEXECDIR=/usr/libexec}; export LIBEXECDIR PATH=$LIBEXECDIR:/bin:/usr/bin:$PATH; export PATH ! : ${mklocatedb=locate.mklocatedb} # make locate database program ! : ${FCODES=/var/db/locate.database} # the database ! : ${SEARCHPATHS="/"} # directories to be put in the database ! : ${PRUNEPATHS="/tmp /usr/tmp /var/tmp"} # unwanted directories ! : ${FILESYSTEMS="ufs"} # allowed filesystems : ${find=find} case X"$SEARCHPATHS" in ! X) echo "`basename $0`: empty variable SEARCHPATHS" >&2; exit 1;; esac case X"$FILESYSTEMS" in ! X) echo "`basename $0`: empty variable FILESYSTEMS" >&2; exit 1;; esac + if [ "`id -un`" != "nobody" ]; then + echo "`basename $0`: this script should be run as the user \"nobody\"" >&2 + exit 1; + fi + # Make a list a paths to exclude in the locate run excludes="! (" or="" for fstype in $FILESYSTEMS *************** *** 72,78 **** done;; esac ! tmp=$TMPDIR/_updatedb$$ trap 'rm -f $tmp' 0 1 2 3 5 10 15 # search locally --- 73,84 ---- done;; esac ! tmp=`mktemp -t updatedb` ! if [ -z "$tmp" ]; then ! echo "`basename $0`: cannot create temporary file (check \$TMPDIR)" >&2 ! exit 1 ! fi ! trap 'rm -f $tmp' 0 1 2 3 5 10 15 # search locally *************** *** 82,88 **** then case X"`$find $tmp -size -257c -print`" in X) cat $tmp > $FCODES;; ! *) echo "updatedb: locate database $tmp is empty" exit 1 esac fi --- 88,96 ---- then case X"`$find $tmp -size -257c -print`" in X) cat $tmp > $FCODES;; ! *) echo "`basename $0`: locate database $tmp is empty" >&2 exit 1 esac fi + + chmod 444 $FCODES -- Niall Smart. PGP: finger njs3@motmot.doc.ic.ac.uk FreeBSD: Turning PC's into Workstations: www.freebsd.org Annoy your enemies and astonish your friends: echo "#define if(x) if (!(x))" >> /usr/include/stdio.h To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message