Thu, Feb 3 2005
00:38:09
|
|
Request created by guest
|
|
Subject: lib/gis/unix_socks.c fails unless $TMPDIR is /tmp
Platform: GNU/Linux/i386
grass obtained from: CVS
grass binary for platform: Compiled from Sources
GRASS Version: 5.7-cvs-feb05
Hi,
I just did a little audit and I think my recenct security fix to init.sh introduced
a bug. I'd like to fix it ASAP - if not I'll remove the $TMPDIR capability and
revert to always using /tmp (maybe in the next 24 hours).
The bug is this:
init.sh now uses $TMPDIR (if it exists) to place the temporary session files
in. If $TMPDIR doesn't exist it uses /tmp. Now lib/gis/unix_socks.c has "/tmp"
hardcoded and I don't know how to do the 'if(! $TMPDIR) then "/tmp"' test in
C.
It might still work, but would leave files scattered about, reintroduce the security
issues, etc..
Can someone show me how to do this?
unix_socks.c:
http://freegis.org/cgi-bin/viewcvs.cgi/grass51/lib/gis/unix_socks.c?rev=HEAD&content-type=text/vnd.v
iewcvs-markup
Also lib/gis/win32_pipes.c always uses "c:/grass-" as a prefix. I'm not sure
if this should match what is set as the temporary session directory by init.sh??
I'd prefer that to adding platform heuristics to init.sh.
thanks,
Hamish
|
|
Thu, Feb 3 2005
04:12:19
|
|
Comments added by hbowman
|
|
I've reverted the init.sh $TMPDIR thing for now.
Hamish
|
|
Thu, Feb 3 2005
10:37:21
|
|
Mail sent by paul-grass@stjohnspoint.co.uk
|
|
Return-Path |
<paul-grass@stjohnspoint.co.uk>
|
Delivered-To |
grass-bugs@lists.intevation.de
|
Date |
Thu, 3 Feb 2005 09:36:17 +0000 (GMT)
|
From |
Paul Kelly <paul-grass@stjohnspoint.co.uk>
|
To |
Request Tracker <grass-bugs@intevation.de>
|
Cc |
grass5@grass.itc.it
|
Subject |
Re: [GRASS5] [bug #2961] (grass) lib/gis/unix_socks.c fails unless $TMPDIR is /tmp
|
In-Reply-To |
<20050202233809.C9348102BFE@lists.intevation.de>
|
Message-ID |
<Pine.LNX.4.60.0502030931110.15769@agrippa.ukshells.co.uk>
|
References |
<20050202233809.C9348102BFE@lists.intevation.de>
|
MIME-Version |
1.0
|
Content-Type |
TEXT/PLAIN; charset=US-ASCII; format=flowed
|
X-Spam-Status |
No, hits=-4.9 tagged_above=-999.0 required=3.0 tests=BAYES_00
|
X-Spam-Level |
|
On Thu, 3 Feb 2005, Request Tracker wrote:
> I just did a little audit and I think my recenct security fix to init.sh introduced
a bug. I'd like to fix it ASAP - if not I'll remove the $TMPDIR capability and
revert to always using /tmp (maybe in the next 24 hours).
>
> The bug is this:
>
> init.sh now uses $TMPDIR (if it exists) to place the temporary session files
in. If $TMPDIR doesn't exist it uses /tmp. Now lib/gis/unix_socks.c has "/tmp"
hardcoded and I don't know how to do the 'if(! $TMPDIR) then "/tmp"' test in
C.
>
> It might still work, but would leave files scattered about, reintroduce the
security issues, etc..
>
> Can someone show me how to do this?
I haven't looked at any of the source files but what about a GRASS
variable TMPDIR that would contain either the system TMPDIR or /tmp
depending on the checks at startup. Then in the C file you could access it
as G_getenv("TMPDIR") or something and you wouldn't have to repeat the
logic checking if TMPDIR is set.
|
|
Fri, Feb 4 2005
04:37:04
|
|
Mail sent by hamish_nospam@yahoo.com
|
|
Return-Path |
<hamish_nospam@yahoo.com>
|
Delivered-To |
grass-bugs@lists.intevation.de
|
Date |
Fri, 4 Feb 2005 16:36:50 +1300
|
From |
Hamish <hamish_nospam@yahoo.com>
|
To |
Paul Kelly <paul-grass@stjohnspoint.co.uk>
|
Cc |
grass-bugs@intevation.de, grass5@grass.itc.it
|
Subject |
Re: [GRASS5] [bug #2961] (grass) lib/gis/unix_socks.c fails unless $TMPDIR is /tmp
|
Message-Id |
<20050204163650.4a69e55a.hamish_nospam@yahoo.com>
|
In-Reply-To |
<Pine.LNX.4.60.0502030931110.15769@agrippa.ukshells.co.uk>
|
References |
<20050202233809.C9348102BFE@lists.intevation.de> <Pine.LNX.4.60.0502030931110.15769@agrippa.ukshells.co.uk>
|
X-Mailer |
Sylpheed version 1.0.0 (GTK+ 1.2.10; i386-pc-linux-gnu)
|
X-Face |
M<EoB)"*Z~u!,vFhXmw}R_KbdBta*P_=T|rbBL'e1/CQ9;/1g\BU3&!=y8ria$2Uk!HT&BB 8i?|X_+7~1jsy}F~g$2va%3fV`*=L(*cem[@3\yg,G,@rg6/QMJ
|
Mime-Version |
1.0
|
Content-Type |
text/plain; charset=US-ASCII
|
Content-Transfer-Encoding |
7bit
|
X-Spam-Status |
No, hits=-4.0 tagged_above=-999.0 required=3.0 tests=BAYES_00, FORGED_YAHOO_RCVD
|
X-Spam-Level |
|
> > I just did a little audit and I think my recenct security fix to
> > init.sh introduced a bug. I'd like to fix it ASAP - if not I'll
> > remove the $TMPDIR capability and revert to always using /tmp (maybe
> > in the next 24 hours).
> >
> > The bug is this:
> >
> > init.sh now uses $TMPDIR (if it exists) to place the temporary
> > session files in. If $TMPDIR doesn't exist it uses /tmp. Now
> > lib/gis/unix_socks.c has "/tmp" hardcoded and I don't know how to do
> > the 'if(! $TMPDIR) then "/tmp"' test in C.
> >
> > It might still work, but would leave files scattered about,
> > reintroduce the security issues, etc..
> >
[so I changed it back to hardcoded "/tmp" for now]
> I haven't looked at any of the source files but what about a GRASS
> variable TMPDIR that would contain either the system TMPDIR or /tmp
> depending on the checks at startup. Then in the C file you could
> access it as G_getenv("TMPDIR") or something and you wouldn't have to
> repeat the logic checking if TMPDIR is set.
Seems a bit redunant.. it is only queried by unix_socks.c|win32_pipes.c
so it is just one check to add. I would think that this is not a GRASS
variable you really want to have changed after startup, and leaving it
in the g.gisenv list begs for it to be changed. Sure the user can change
the shell variable too, but it isn't as visible as something to fiddle
with.
?
Hamish
|
|
Fri, Feb 4 2005
12:31:18
|
|
Mail sent by glynn@gclements.plus.com
|
|
Return-Path |
<glynn@gclements.plus.com>
|
Delivered-To |
grass-bugs@lists.intevation.de
|
From |
Glynn Clements <glynn@gclements.plus.com>
|
MIME-Version |
1.0
|
Content-Type |
text/plain; charset=us-ascii
|
Content-Transfer-Encoding |
7bit
|
Message-ID |
<16899.23801.866528.28614@gargle.gargle.HOWL>
|
Date |
Fri, 4 Feb 2005 11:31:05 +0000
|
To |
Request Tracker <grass-bugs@intevation.de>
|
Cc |
grass5@grass.itc.it
|
Subject |
Re: [GRASS5] [bug #2961] (grass) lib/gis/unix_socks.c fails unless $TMPDIR is /tmp
|
In-Reply-To |
<20050202233809.C9348102BFE@lists.intevation.de>
|
References |
<20050202233809.C9348102BFE@lists.intevation.de>
|
X-Mailer |
VM 7.07 under 21.4 (patch 15) "Security Through Obscurity" XEmacs Lucid
|
X-Spam-Status |
No, hits=-4.9 tagged_above=-999.0 required=3.0 tests=BAYES_00
|
X-Spam-Level |
|
Request Tracker wrote:
> I just did a little audit and I think my recenct security fix to
> init.sh introduced a bug. I'd like to fix it ASAP - if not I'll remove
> the $TMPDIR capability and revert to always using /tmp (maybe in the
> next 24 hours).
>
> The bug is this:
>
> init.sh now uses $TMPDIR (if it exists) to place the temporary session
> files in. If $TMPDIR doesn't exist it uses /tmp. Now
> lib/gis/unix_socks.c has "/tmp" hardcoded and I don't know how to do
> the 'if(! $TMPDIR) then "/tmp"' test in C.
unix_socks.c should always use /tmp; using $TMPDIR (which is typically
a subdirectory of $HOME) might exceed the limit for a Unix-domain
socket.
--
Glynn Clements <glynn@gclements.plus.com>
|
|
Tue, Feb 8 2005
00:27:22
|
|
Mail sent by hamish_nospam@yahoo.com
|
|
Return-Path |
<hamish_nospam@yahoo.com>
|
Delivered-To |
grass-bugs@lists.intevation.de
|
Date |
Tue, 8 Feb 2005 12:26:59 +1300
|
From |
Hamish <hamish_nospam@yahoo.com>
|
To |
Glynn Clements <glynn@gclements.plus.com>
|
Cc |
grass-bugs@intevation.de, grass5@grass.itc.it
|
Subject |
Re: [GRASS5] [bug #2961] (grass) lib/gis/unix_socks.c fails unless $TMPDIR is /tmp
|
Message-Id |
<20050208122659.21024cfe.hamish_nospam@yahoo.com>
|
In-Reply-To |
<16899.23801.866528.28614@gargle.gargle.HOWL>
|
References |
<20050202233809.C9348102BFE@lists.intevation.de> <16899.23801.866528.28614@gargle.gargle.HOWL>
|
X-Mailer |
Sylpheed version 1.0.0 (GTK+ 1.2.10; i386-pc-linux-gnu)
|
X-Face |
M<EoB)"*Z~u!,vFhXmw}R_KbdBta*P_=T|rbBL'e1/CQ9;/1g\BU3&!=y8ria$2Uk!HT&BB 8i?|X_+7~1jsy}F~g$2va%3fV`*=L(*cem[@3\yg,G,@rg6/QMJ
|
Mime-Version |
1.0
|
Content-Type |
text/plain; charset=US-ASCII
|
Content-Transfer-Encoding |
7bit
|
X-Spam-Status |
No, hits=-4.0 tagged_above=-999.0 required=3.0 tests=BAYES_00, FORGED_YAHOO_RCVD
|
X-Spam-Level |
|
> > I just did a little audit and I think my recenct security fix to
> > init.sh introduced a bug. I'd like to fix it ASAP - if not I'll
> > remove the $TMPDIR capability and revert to always using /tmp (maybe
> > in the next 24 hours).
> >
> > The bug is this:
> >
> > init.sh now uses $TMPDIR (if it exists) to place the temporary
> > session files in. If $TMPDIR doesn't exist it uses /tmp. Now
> > lib/gis/unix_socks.c has "/tmp" hardcoded and I don't know how to do
> > the 'if(! $TMPDIR) then "/tmp"' test in C.
>
> unix_socks.c should always use /tmp; using $TMPDIR (which is typically
> a subdirectory of $HOME) might exceed the limit for a Unix-domain
> socket.
Ok, in that case init.sh & socks/pipes will always be /tmp and ignore
any $TMPDIR.
I think the test-compiles do honor $TMPDIR already and that this is ok?
Hamish
|
|
Wed, Feb 16 2005
05:02:11
|
|
Status changed to resolved by hbowman
|
|
Wed, Feb 16 2005
05:02:11
|
|
Comments added by hbowman
|
|
Abandoned the use of $TMPDIR by init.sh; this bug is done.
Hamish
|
|