Date: Tue, 28 Feb 2012 15:25:12 GMT
From: Anton Shterenlikht <mexas@bristol.ac.uk>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: kern/165533: [lpr.c] wrong 661 permission for /var/spool/output/lpd/.seq (should be 660)
Message-ID: <201202281525.q1SFPCwt057978@mech-cluster241.men.bris.ac.uk>
Resent-Message-ID: <201202281550.q1SFoA9E031801@freefall.freebsd.org>
>Number:         165533
>Category:       kern
>Synopsis:       [lpr.c] wrong 661 permission for /var/spool/output/lpd/.seq (should be 660)
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Feb 28 15:50:10 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Anton Shterenlikht
>Release:        FreeBSD 9.0-BETA2 ia64
>Organization:
University of Bristol
>Environment:
System: FreeBSD mech-cluster241.men.bris.ac.uk 9.0-BETA2 FreeBSD 9.0-BETA2 #4 r225618: Fri Sep 16 21:11:50 BST 2011 root@mech-cluster241.men.bris.ac.uk:/usr/obj/usr/src/sys/TZAV ia64
>Description:
I've a parallel printer attached to a 9.9-CURRENT #2 r230787M box.
Recently I started seeing this line in daily security output:

Checking negative group permissions:
70834 -rw-r----x 1 root daemon 4 Feb 21 12:54:02 2012 /var/spool/output/lpd/.seq

I think .seq is created with wrong permissions, thus triggering a security warning.
>How-To-Repeat:
# pwd
/var/spool/output/lpd
# ls -al
total 8
drwxr-xr-x  2 root  daemon  512 Feb 24 12:43 .
drwxr-xr-x  3 root  daemon  512 Mar  9  2010 ..
-rw-rw-r--  1 root  daemon   41 Feb 21 12:54 lock
-rw-rw-r--  1 root  daemon   25 Feb 21 12:54 status
#

Then I print something, e.g.:

% pwd | lpr

Then this .seq file appears with weird permissions:

# ls -al
total 10
drwxr-xr-x  2 root  daemon  512 Feb 24 12:46 .
drwxr-xr-x  3 root  daemon  512 Mar  9  2010 ..
-rw-r----x  1 root  daemon    4 Feb 24 12:45 .seq
-rw-rw-r--  1 root  daemon   41 Feb 24 12:45 lock
-rw-rw-r--  1 root  daemon   25 Feb 24 12:45 status
#
# cat .seq
001
#
>Fix:
From: jb <jb.1234abcd@gmail.com>
Date: Tue, 28 Feb 2012 15:07:43 +0000 (UTC)

It is an intermediate-processing (run-time) lockfile found in various spool dirs and their sub-dirs, like /var/spool/cron/ /at, /lpd, etc.
It is used to save job# by the respective programs (cron, at, etc).
You can find a ref to .SEQ in file at.c in at port sources.
I did not see ref to .seq in lpr or cron port sources.

The periodic security check /etc/periodic/security/110.neggrpperm checks for a risky condition like

    ! -perm +010 -and -perm +001

The file should not be executable, according to its purpose.

So the lpr.c should be changed from

    if ((fd = open(buf, O_RDWR|O_CREAT, 0661)) < 0) {

to

    if ((fd = open(buf, O_RDWR|O_CREAT, 0660)) < 0) {

>Release-Note:
>Audit-Trail:
>Unformatted:
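The following C program is an added illustration of the mechanics behind this report; it is not code from the PR, from the quoted fix, or from FreeBSD's lpr.c. It reproduces the observed mode by applying a umask of 022 (an assumption about the environment in the report) to the 0661 and 0660 creation modes, renders the result the way ls -l does, and implements the "negative group permission" test that 110.neggrpperm's find expression expresses for the execute bit. Applying that same test to the read and write bits, and the temporary path under /tmp, are this example's own choices.

```c
/* Added example, not code from the PR or from FreeBSD's lpr.c. */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* The creation mode lpr.c uses for .seq in the report, and the proposed fix. */
#define SEQ_MODE_REPORTED 0661
#define SEQ_MODE_PROPOSED 0660

/* Mode open(2) actually stores: the requested bits with the umask cleared. */
mode_t effective_mode(mode_t requested, mode_t umask_value)
{
    return (requested & ~umask_value) & 07777;
}

/* Render the nine permission bits the way ls -l prints them, e.g. "rw-r----x". */
void mode_to_string(mode_t mode, char out[10])
{
    const char *bits = "rwxrwxrwx";
    for (int i = 0; i < 9; i++)
        out[i] = (mode & (0400 >> i)) ? bits[i] : '-';
    out[9] = '\0';
}

/* Nonzero if "other" holds a permission bit that "group" lacks.  The PR quotes
 * 110.neggrpperm's execute-bit test (! -perm +010 -and -perm +001); extending
 * the same comparison to the read and write bits is this example's assumption. */
int has_negative_group_perm(mode_t mode)
{
    unsigned group = (mode & S_IRWXG) >> 3;   /* align group bits with other bits */
    unsigned other = mode & S_IRWXO;
    return (other & ~group) != 0;
}

/* Create a file the way lpr.c's open() call does, under the given umask, and
 * return the mode the filesystem recorded (or -1 on error).  The file is removed
 * again so the demonstration leaves nothing behind. */
int create_and_record_mode(const char *path, mode_t requested, mode_t umask_value)
{
    struct stat st;
    mode_t old = umask(umask_value);
    int fd = open(path, O_RDWR | O_CREAT | O_EXCL, requested);
    umask(old);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) < 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    close(fd);
    unlink(path);
    return (int)(st.st_mode & 07777);
}

int main(void)
{
    char path[64], perms[10];
    mode_t requested[] = { SEQ_MODE_REPORTED, SEQ_MODE_PROPOSED };

    /* Constructed temporary path; the real file lives in /var/spool/output/lpd. */
    snprintf(path, sizeof path, "/tmp/seq-demo.%ld", (long)getpid());

    for (int i = 0; i < 2; i++) {
        int got = create_and_record_mode(path, requested[i], 022); /* assumes umask 022 */
        if (got < 0) {
            perror("open");
            return 1;
        }
        mode_to_string((mode_t)got, perms);
        printf("requested %04o -> stored %04o (%s): %s\n",
               (unsigned)requested[i], got, perms,
               has_negative_group_perm((mode_t)got) ? "flagged by 110.neggrpperm" : "ok");
    }
    return 0;
}
```

With umask 022 the 0661 request is stored as 0641, which is exactly the -rw-r----x the daily security run complained about, while 0660 becomes 0640 and passes the check. Note that the umask only ever removes bits, so a creation mode that already grants "other" nothing beyond what "group" has can never produce this warning regardless of the umask in effect.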
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201202281525.q1SFPCwt057978>