From: Alexander Leidinger
To: Max Okumoto
cc: freebsd-security@FreeBSD.org
Date: Wed, 18 May 2005 10:05:48 +0200
Subject: Re: cvs commit: src/usr.bin/make job.c

Max Okumoto wrote:

[CC changed to freebsd-security instead of the cvs list]

We're talking about replacing the home-grown mkfifo() function in make
(a modified copy of mkstemp()) with mkdtemp() and creating the fifo in
this new directory. Max worries about a possible race with this new
approach.

> It's not a race between two nice programs :-) The function mkdtmp()
> creates a unique directory, but make would then need to create a fifo
> in it. (This is two steps, and thus can allow a race)
>
> Assume badmake has same uid, so it can create a file in the unique
> directory. (Of course this means that the bad guy already has
> your account.)
> Normal pattern:
> ---------------------
> make0: uses mkdtmp() to create dir /tmp/4321
> make0: tries to create fifo /tmp/4321
> make1: uses mkdtmp() to create dir /tmp/4321 but fails
> make1: mkdtmp() next tries to create /tmp/4322 success
> make1: tries to create fifo /tmp/4322
>
>
> Sort of DOS:
> ---------------------
> make: uses mkdtmp() to create /tmp/1234/
>
> badmake: watches for creation of /tmp/1234/ and
> creates /tmp/1234/fifo.
>
> make: tries to create /tmp/1234/fifo fails.

Right. But if your account is owned you have to worry about other things
than a DOS of make (e.g. your ssh keys or access to your banking account
or whatever). And there are more possibilities for a DOS in the case of
an owned account (fork-bomb, allocating all memory, generating as many
files as possible, ...; some of them can be limited with resource
limits, but not all), so hardening make would be a nice goal, but in my
opinion not a goal we need to pursue today since it wouldn't buy us
much.

But feel free to come up with some good arguments which I haven't
thought of.

Bye,
Alexander.

--
http://www.Leidinger.net/  Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org/    netchild @ FreeBSD.org : PGP ID = 72077137

Great acts are made up of small deeds. -- Lao Tsu
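
The two-step pattern discussed in this thread (mkdtemp(), then a fifo inside the new directory), as an added C example that is not part of the original mail and not make's own code. It goes one step beyond the thread by retrying in a fresh directory when the fifo name is already taken; the function names, the template path and the retry limit are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Step 2: create "fifo" inside dir and confirm what we actually got.
 * Returns 0 on success, -1 with errno set (EEXIST if the name was taken). */
int fifo_in_dir(const char *dir, char *path, size_t len)
{
    struct stat sb;
    int n = snprintf(path, len, "%s/fifo", dir);

    if (n < 0 || (size_t)n >= len) {
        errno = ENAMETOOLONG;
        return -1;
    }
    if (mkfifo(path, 0600) == -1)   /* fails rather than reusing a name */
        return -1;
    if (lstat(path, &sb) == -1)     /* lstat: never follow a symlink */
        return -1;
    if (!S_ISFIFO(sb.st_mode) || sb.st_uid != geteuid()) {
        errno = EPERM;              /* not the object we just created */
        return -1;
    }
    return 0;
}

/* Steps 1 and 2 with a bounded retry: if the name inside one directory
 * is already taken (the "sort of DOS" case), try a fresh directory.
 * A directory abandoned on retry is left behind for the caller to clean. */
int private_fifo(char *path, size_t len)
{
    for (int tries = 0; tries < 8; tries++) {       /* assumed limit */
        char dir[] = "/tmp/make_example.XXXXXX";    /* hypothetical template */

        if (mkdtemp(dir) == NULL)   /* directory is created with mode 0700 */
            return -1;
        if (fifo_in_dir(dir, path, len) == 0)
            return 0;
        if (errno != EEXIST)
            return -1;
    }
    return -1;
}
```

Because mkdtemp() creates the directory with mode 0700, only a process running under the same uid (or root) can place a file in it between the two steps, which is the precondition both participants assume.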