Re: Security issue in net/cvsup-mirror port

From: The Anarcat (anarcat@anarcat.ath.cx)
Date: 11/10/02 

Date: Sun, 10 Nov 2002 15:24:49 -0500
From: The Anarcat <anarcat@anarcat.ath.cx>
To: Joshua Goodall <joshua@roughtrade.net>

You are perfectly right altought I don't understand why you feel you
shouldn't file a PR for this.

Also, I suggest the following patch instead:

--- cvsupd.sh.orig Sun Nov 10 15:19:22 2002
+++ cvsupd.sh Sun Nov 10 15:23:08 2002
@@ -5,7 +5,7 @@
     exit 1
 fi
 base=${PREFIX}/etc/cvsup
-rundir=/var/tmp
+rundir=`mktemp -d /var/tmp/cvsupd.XXXXXX`
 out=${rundir}/cvsupd.out
 
 export PATH=/bin:/usr/bin:${PREFIX}/sbin

A.

On Sun Nov 10, 2002 at 10:11:51AM +1100, Joshua Goodall wrote:
> Hi,
>
> Better not to file a PR for this, I feel.
>
> I was just passing by net/cvsup-mirror/files/cvsupd.sh when I noticed that
> it appends to the fixed-name file /var/tmp/cvsupd.out
>
> Therefore if I were a malicious user, I could make a symlink of that
> name in /var/tmp to effect arbitrary file corruption. If
> I was really clever, I might point it at /root/.ssh/authorized_keys and
> use secondary means to get cvsupd's output to include my public key.
>
> Consider changing it to /var/log/cvsupd.out ?
>
> Regards,
> Joshua.
>
> --
> Joshua Goodall
> joshua@roughtrade.net "Your byte hit ratio is weak, old man"
> "If you cache me now, I will dump more core than you can possibly imagine"
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 

-- 
From the age of uniformity, from the age of solitude, from the age of
Big Brother, from the age of doublethink - greetings!

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Relevant Pages

  • Re: Eye Patch Therapy Cons?
    ... The reasons I wait to patch in a non-strabismic, ... Patients and their guardians almost ... correction in my experience. ... age makes no real long-term difference. ...
    (sci.med.vision)
  • Re: Eye Patch Therapy Cons?
    ... wait to patch, because it is hard to get the child to do it, or is it because ... Patients and their guardians almost ... correction in my experience. ... age makes no real long-term difference. ...
    (sci.med.vision)
  • [PATCH 2/3] kmemleak: Show the age of an unreferenced object
    ... people debugging kernel memory leaks. ... This patch adds the age as well to ... the displayed information. ...
    (Linux-Kernel)
  • Re: Scared As Hell
    ... At the Risk of exposing my age and being laughed out of the group for ... I want to stop smoking .. ... Will the nicoderm patch work under these/those circumstances? ... Wish Me Luck. ...
    (alt.support.stop-smoking)
  • Re: Free Nicoderm or lack there of?
    ... I figure *IF* they use a credit or debit card for proof of age and ... sent a *REAL* patch people might try it. ... My idea is for them to sell "singles" where they sell ciggaretts. ... FlatIronMike wrote: ...
    (alt.support.stop-smoking)