FS#3052 - [SEC] /var/run/netconfig has umask permissions
Attached to Project: Frugalware
Opened by Karl (yggjg) - Friday, 02 May 2008, 15:39 GMT+2
Last edited by Miklos Vajna (vmiklos) - Monday, 05 May 2008, 14:56 GMT+2
Details

Upon "netconfig start", /var/run/netconfig is created with permissions according to umask in the environment. Thus if umask is 000, the file will be writeable by everyone. This is the case for example when you have "netconfig start" in a suspend/resume script that is executed by acpid.

If a user writes the name of a network profile in /var/run/netconfig, that network profile will be activated the next time root does "netconfig restart". Since this may be a security problem, netconfig should make sure that /var/run/netconfig has restrictive permissions when the file is created.

Steps to reproduce:

    # netconfig stop
    # umask 000
    # netconfig start

Actual results:

    $ ls -l /var/run/netconfig
    -rw-rw-rw- 1 root root 7 2 maj 15.10 /var/run/netconfig

Expected results:

    $ ls -l /var/run/netconfig
    -rw-r--r-- 1 root root 7 2 maj 15.10 /var/run/netconfig

How often does this happen? Every time

Additional information: Given above actual results, the following is possible.

    $ echo networkprofile >/var/run/netconfig
    # netconfig restart
    # ifconfig
    (configuration is according to "networkprofile")
Closed by Miklos Vajna (vmiklos)
Monday, 05 May 2008, 14:56 GMT+2
Reason for closing: Fixed
Additional comments about closing: FSA440
http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalwareutils.git;a=commitdiff;h=e6103e355926c062e8b18218115a07c1117ee846
FS#3054 and FS#3056
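
The file-creation problem described in the report, as an added C example that is not code from frugalwareutils or from the fix commit linked above: a writer whose file mode depends on the inherited umask, beside one that sets the mode explicitly, plus a reader that refuses a state file it cannot trust. All function names are hypothetical, and the owner check compares against the calling user (root in netconfig's case).

```c
/* Added example with hypothetical function names; not frugalwareutils code. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern from the report: fopen() creates the file with 0666 & ~umask. */
int write_state_naive(const char *path, const char *profile)
{
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    int ok = fputs(profile, f) != EOF;
    return (fclose(f) == 0 && ok) ? 0 : -1;
}

/* Hardened: fresh inode, mode set explicitly so umask cannot widen it. */
int write_state(const char *path, const char *profile)
{
    size_t len = strlen(profile);
    if (unlink(path) == -1 && errno != ENOENT) return -1;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd == -1) return -1;
    /* fchmod() is not filtered by umask, unlike the mode given to open(). */
    if (fchmod(fd, 0644) == -1 || write(fd, profile, len) != (ssize_t)len) {
        close(fd);
        unlink(path);
        return -1;
    }
    return close(fd);
}

/* Reader side: refuse a file that another user could have written. */
int read_state(const char *path, char *buf, size_t buflen)
{
    struct stat st;
    if (buflen == 0) return -1;
    int fd = open(path, O_RDONLY);
    if (fd == -1) return -1;
    if (fstat(fd, &st) == -1 || !S_ISREG(st.st_mode) || st.st_uid != geteuid()
        || (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(fd);
        return -1;
    }
    ssize_t n = read(fd, buf, buflen - 1);
    close(fd);
    if (n < 0) return -1;
    buf[n] = '\0';
    return 0;
}
```

With umask 000 in effect, the naive writer leaves the file at mode 0666 and the reader rejects it, while the hardened writer produces 0644 regardless of the caller's environment.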