Details Ticket 2961


Comment | Reply | Take | Open


Serial Number 2961
Subject lib/gis/unix_socks.c fails unless $TMPDIR is /tmp
Area grass5.7
Queue grass
Requestors hamish_nospam@yahoo.com
Owner none
Status resolved
Last User Contact Fri Feb 4 12:31:18 2005 (4 yr ago)
Current Priority 70
Final Priority 70
Due No date assigned
Last Action Wed Feb 16 05:02:11 2005 (4 yr ago)
Created Thu Feb 3 00:38:09 2005 (4 yr ago)

Transaction History Ticket 2961


Thu, Feb 3 2005 00:38:09    Request created by guest  
Subject: lib/gis/unix_socks.c fails unless $TMPDIR is /tmp

Platform: GNU/Linux/i386
grass obtained from: CVS
grass binary for platform: Compiled from Sources
GRASS Version: 5.7-cvs-feb05

Hi,

I just did a little audit and I think my recenct security fix to init.sh introduced
a bug. I'd like to fix it ASAP - if not I'll remove the $TMPDIR capability and
revert to always using /tmp (maybe in the next 24 hours).

The bug is this:

init.sh now uses $TMPDIR (if it exists) to place the temporary session files
in. If $TMPDIR doesn't exist it uses /tmp. Now lib/gis/unix_socks.c has "/tmp"
hardcoded and I don't know how to do the 'if(! $TMPDIR) then "/tmp"' test in
C.

It might still work, but would leave files scattered about, reintroduce the security
issues, etc..

Can someone show me how to do this?

unix_socks.c:
http://freegis.org/cgi-bin/viewcvs.cgi/grass51/lib/gis/unix_socks.c?rev=HEAD&content-type=text/vnd.v
iewcvs-markup
Also lib/gis/win32_pipes.c always uses "c:/grass-" as a prefix. I'm not sure
if this should match what is set as the temporary session directory by init.sh??
I'd prefer that to adding platform heuristics to init.sh.




thanks,
Hamish
Thu, Feb 3 2005 04:12:19    Comments added by hbowman  
I've reverted the init.sh $TMPDIR thing for now.


Hamish
Thu, Feb 3 2005 10:37:21    Mail sent by paul-grass@stjohnspoint.co.uk  
Return-Path <paul-grass@stjohnspoint.co.uk>
Delivered-To grass-bugs@lists.intevation.de
Date Thu, 3 Feb 2005 09:36:17 +0000 (GMT)
From Paul Kelly <paul-grass@stjohnspoint.co.uk>
To Request Tracker <grass-bugs@intevation.de>
Cc grass5@grass.itc.it
Subject Re: [GRASS5] [bug #2961] (grass) lib/gis/unix_socks.c fails unless $TMPDIR is /tmp
In-Reply-To <20050202233809.C9348102BFE@lists.intevation.de>
Message-ID <Pine.LNX.4.60.0502030931110.15769@agrippa.ukshells.co.uk>
References <20050202233809.C9348102BFE@lists.intevation.de>
MIME-Version 1.0
Content-Type TEXT/PLAIN; charset=US-ASCII; format=flowed
X-Spam-Status No, hits=-4.9 tagged_above=-999.0 required=3.0 tests=BAYES_00
X-Spam-Level
On Thu, 3 Feb 2005, Request Tracker wrote:

> I just did a little audit and I think my recenct security fix to init.sh introduced
a bug. I'd like to fix it ASAP - if not I'll remove the $TMPDIR capability and
revert to always using /tmp (maybe in the next 24 hours).
>
> The bug is this:
>
> init.sh now uses $TMPDIR (if it exists) to place the temporary session files
in. If $TMPDIR doesn't exist it uses /tmp. Now lib/gis/unix_socks.c has "/tmp"
hardcoded and I don't know how to do the 'if(! $TMPDIR) then "/tmp"' test in
C.
>
> It might still work, but would leave files scattered about, reintroduce the
security issues, etc..
>
> Can someone show me how to do this?

I haven't looked at any of the source files but what about a GRASS 
variable TMPDIR that would contain either the system TMPDIR or /tmp 
depending on the checks at startup. Then in the C file you could access it 
as G_getenv("TMPDIR") or something and you wouldn't have to repeat the 
logic checking if TMPDIR is set.


Fri, Feb 4 2005 04:37:04    Mail sent by hamish_nospam@yahoo.com  
Return-Path <hamish_nospam@yahoo.com>
Delivered-To grass-bugs@lists.intevation.de
Date Fri, 4 Feb 2005 16:36:50 +1300
From Hamish <hamish_nospam@yahoo.com>
To Paul Kelly <paul-grass@stjohnspoint.co.uk>
Cc grass-bugs@intevation.de, grass5@grass.itc.it
Subject Re: [GRASS5] [bug #2961] (grass) lib/gis/unix_socks.c fails unless $TMPDIR is /tmp
Message-Id <20050204163650.4a69e55a.hamish_nospam@yahoo.com>
In-Reply-To <Pine.LNX.4.60.0502030931110.15769@agrippa.ukshells.co.uk>
References <20050202233809.C9348102BFE@lists.intevation.de> <Pine.LNX.4.60.0502030931110.15769@agrippa.ukshells.co.uk>
X-Mailer Sylpheed version 1.0.0 (GTK+ 1.2.10; i386-pc-linux-gnu)
X-Face M<EoB)"*Z~u!,vFhXmw}R_KbdBta*P_=T|rbBL'e1/CQ9;/1g\BU3&!=y8ria$2Uk!HT&BB 8i?|X_+7~1jsy}F~g$2va%3fV`*=L(*cem[@3\yg,G,@rg6/QMJ
Mime-Version 1.0
Content-Type text/plain; charset=US-ASCII
Content-Transfer-Encoding 7bit
X-Spam-Status No, hits=-4.0 tagged_above=-999.0 required=3.0 tests=BAYES_00, FORGED_YAHOO_RCVD
X-Spam-Level
> > I just did a little audit and I think my recenct security fix to
> > init.sh introduced a bug. I'd like to fix it ASAP - if not I'll
> > remove the $TMPDIR capability and revert to always using /tmp (maybe
> > in the next 24 hours).
> >
> > The bug is this:
> >
> > init.sh now uses $TMPDIR (if it exists) to place the temporary
> > session files in. If $TMPDIR doesn't exist it uses /tmp. Now
> > lib/gis/unix_socks.c has "/tmp" hardcoded and I don't know how to do
> > the 'if(! $TMPDIR) then "/tmp"' test in C.
> >
> > It might still work, but would leave files scattered about,
> > reintroduce the security issues, etc..
> >

[so I changed it back to hardcoded "/tmp" for now]


> I haven't looked at any of the source files but what about a GRASS 
> variable TMPDIR that would contain either the system TMPDIR or /tmp 
> depending on the checks at startup. Then in the C file you could
> access it  as G_getenv("TMPDIR") or something and you wouldn't have to
> repeat the  logic checking if TMPDIR is set.

Seems a bit redunant.. it is only queried by unix_socks.c|win32_pipes.c
so it is just one check to add. I would think that this is not a GRASS
variable you really want to have changed after startup, and leaving it
in the g.gisenv list begs for it to be changed. Sure the user can change
the shell variable too, but it isn't as visible as something to fiddle
with.

?


Hamish


Fri, Feb 4 2005 12:31:18    Mail sent by glynn@gclements.plus.com  
Return-Path <glynn@gclements.plus.com>
Delivered-To grass-bugs@lists.intevation.de
From Glynn Clements <glynn@gclements.plus.com>
MIME-Version 1.0
Content-Type text/plain; charset=us-ascii
Content-Transfer-Encoding 7bit
Message-ID <16899.23801.866528.28614@gargle.gargle.HOWL>
Date Fri, 4 Feb 2005 11:31:05 +0000
To Request Tracker <grass-bugs@intevation.de>
Cc grass5@grass.itc.it
Subject Re: [GRASS5] [bug #2961] (grass) lib/gis/unix_socks.c fails unless $TMPDIR is /tmp
In-Reply-To <20050202233809.C9348102BFE@lists.intevation.de>
References <20050202233809.C9348102BFE@lists.intevation.de>
X-Mailer VM 7.07 under 21.4 (patch 15) "Security Through Obscurity" XEmacs Lucid
X-Spam-Status No, hits=-4.9 tagged_above=-999.0 required=3.0 tests=BAYES_00
X-Spam-Level
Request Tracker wrote:

> I just did a little audit and I think my recenct security fix to
> init.sh introduced a bug. I'd like to fix it ASAP - if not I'll remove
> the $TMPDIR capability and revert to always using /tmp (maybe in the
> next 24 hours).
> 
> The bug is this:
> 
> init.sh now uses $TMPDIR (if it exists) to place the temporary session
> files in. If $TMPDIR doesn't exist it uses /tmp. Now
> lib/gis/unix_socks.c has "/tmp" hardcoded and I don't know how to do
> the 'if(! $TMPDIR) then "/tmp"' test in C.

unix_socks.c should always use /tmp; using $TMPDIR (which is typically
a subdirectory of $HOME) might exceed the limit for a Unix-domain
socket.

-- 
Glynn Clements <glynn@gclements.plus.com>


Tue, Feb 8 2005 00:27:22    Mail sent by hamish_nospam@yahoo.com  
Return-Path <hamish_nospam@yahoo.com>
Delivered-To grass-bugs@lists.intevation.de
Date Tue, 8 Feb 2005 12:26:59 +1300
From Hamish <hamish_nospam@yahoo.com>
To Glynn Clements <glynn@gclements.plus.com>
Cc grass-bugs@intevation.de, grass5@grass.itc.it
Subject Re: [GRASS5] [bug #2961] (grass) lib/gis/unix_socks.c fails unless $TMPDIR is /tmp
Message-Id <20050208122659.21024cfe.hamish_nospam@yahoo.com>
In-Reply-To <16899.23801.866528.28614@gargle.gargle.HOWL>
References <20050202233809.C9348102BFE@lists.intevation.de> <16899.23801.866528.28614@gargle.gargle.HOWL>
X-Mailer Sylpheed version 1.0.0 (GTK+ 1.2.10; i386-pc-linux-gnu)
X-Face M<EoB)"*Z~u!,vFhXmw}R_KbdBta*P_=T|rbBL'e1/CQ9;/1g\BU3&!=y8ria$2Uk!HT&BB 8i?|X_+7~1jsy}F~g$2va%3fV`*=L(*cem[@3\yg,G,@rg6/QMJ
Mime-Version 1.0
Content-Type text/plain; charset=US-ASCII
Content-Transfer-Encoding 7bit
X-Spam-Status No, hits=-4.0 tagged_above=-999.0 required=3.0 tests=BAYES_00, FORGED_YAHOO_RCVD
X-Spam-Level
> > I just did a little audit and I think my recenct security fix to
> > init.sh introduced a bug. I'd like to fix it ASAP - if not I'll
> > remove the $TMPDIR capability and revert to always using /tmp (maybe
> > in the next 24 hours).
> > 
> > The bug is this:
> > 
> > init.sh now uses $TMPDIR (if it exists) to place the temporary
> > session files in. If $TMPDIR doesn't exist it uses /tmp. Now
> > lib/gis/unix_socks.c has "/tmp" hardcoded and I don't know how to do
> > the 'if(! $TMPDIR) then "/tmp"' test in C.
> 
> unix_socks.c should always use /tmp; using $TMPDIR (which is typically
> a subdirectory of $HOME) might exceed the limit for a Unix-domain
> socket.


Ok, in that case init.sh & socks/pipes will always be /tmp and ignore
any $TMPDIR.

I think the test-compiles do honor $TMPDIR already and that this is ok?


Hamish


Wed, Feb 16 2005 05:02:11    Status changed to resolved by hbowman  
Wed, Feb 16 2005 05:02:11    Comments added by hbowman  
Abandoned the use of $TMPDIR by init.sh; this bug is done.


Hamish


Comment | Reply | Take | Open

You are currently authenticated as guest.
[Show Configuration] [Login as another user]

Users Guide - Mail Commands - Homepage of RequestTracker 1.0.7 - list any request