From: Alexander Leidinger
To: Giorgos Keramidas
Cc: freebsd-security@freebsd.org, Max Okumoto
Subject: Re: cvs commit: src/usr.bin/make job.c
Date: Wed, 18 May 2005 16:44:24 +0200
Message-ID: <20050518164424.ea9t6jeups0ksckk@netchild.homeip.net>
In-Reply-To: <20050518141456.GB40240@orion.daedalusnetworks.priv>

Giorgos Keramidas wrote:

> Does this really need to be of the form DIR/fifo ?

No.

> I haven't looked at the code that uses the fifo at all, so I risk being
> extremely out of topic here, but why wouldn't a temporary fifo created
> with a name obtained from mkstemp() work too?

mkstemp() creates a file.

> A directory won't be needed if the fifo name is created by mkstemp() and
> then passed directly to mkfifo(2).

He wants to get rid of the tmpname() warning at link time, so he decided to copy mkstemp() and modified the copy to create a fifo. I asked why he doesn't use mkdtemp() so nobody has to care about synchronizing the code of mkstemp() and his copy.

> Then there is still a (small?) possibility for a race, but a subsequent
> invocation of mkstemp() is almost guaranteed to work, unless mkstemp()
> is severely broken.

We don't talk about this kind of a race. We're talking about a malicious program hijacking the make-fifo. I don't think this is an issue, since the malicious program has to be run with the same UID, and then you need to worry about more important things than a DOS of make. And since a lot of people download tarballs and run make without looking into the makefiles for malicious content, such a simple DOS isn't worth a bikeshed (at least IMHO).

Max already told me he will run the creation of the fifo in a loop. So if the mkfifo() call fails because it already exists, he removes this fifo since he hasn't created it. To be on the safe side I suggest to also print a warning... and maybe to exit because this isn't supposed to happen. I think this should cover our ass good enough.

Bye,
Alexander.

-- 
http://www.Leidinger.net/ Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org/ netchild @ FreeBSD.org : PGP ID = 72077137
If I have to lay an egg for my country, I'll do it.
-- Bob Hope
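
The mkdtemp() alternative raised in the message above, together with the "warn and stop" handling of an unexpected EEXIST, as an added example (not code from make(1) or from anyone in the thread). The helper names and the `make_fifo.XXXXXX` template are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: put the FIFO inside a directory from mkdtemp().
 * mkdtemp() creates the directory atomically with mode 0700, so only our
 * own UID can create or replace anything inside it. Returns 0 or -1. */
int make_private_fifo(char *dir, size_t dirlen, char *fifo, size_t fifolen)
{
    const char *tmp = getenv("TMPDIR");
    int n;

    if (tmp == NULL || *tmp == '\0')
        tmp = "/tmp";
    n = snprintf(dir, dirlen, "%s/make_fifo.XXXXXX", tmp);
    if (n < 0 || (size_t)n >= dirlen || mkdtemp(dir) == NULL)
        return -1;
    n = snprintf(fifo, fifolen, "%s/fifo", dir);
    if (n < 0 || (size_t)n >= fifolen) {
        rmdir(dir);
        return -1;
    }
    if (mkfifo(fifo, 0600) == -1) {
        /* EEXIST in a fresh 0700 directory is not supposed to happen:
         * warn and fail instead of unlinking a node we did not create. */
        if (errno == EEXIST)
            fprintf(stderr, "warning: %s already exists\n", fifo);
        rmdir(dir);
        return -1;
    }
    return 0;
}

/* Remove the FIFO, then its private directory. Returns 0 or -1. */
int remove_private_fifo(const char *dir, const char *fifo)
{
    return (unlink(fifo) == -1) ? -1 : rmdir(dir);
}

int main(void)
{
    char dir[1024], fifo[1024];

    if (make_private_fifo(dir, sizeof dir, fifo, sizeof fifo) == -1)
        return 1;
    printf("fifo created at %s\n", fifo);
    return remove_private_fifo(dir, fifo) == 0 ? 0 : 1;
}
```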