[Opendnssec-user] svn r6114

Matthijs Mekking matthijs at nlnetlabs.nl
Thu Feb 2 12:40:10 UTC 2012



Using mkstemp will not solve this attack, since you can do the same
trick for /the/zone-name (without .tmp), or any other file location
OpenDNSSEC is using.

Best regards,
  Matthijs

On 02/02/2012 01:22 PM, Bernhard Reutner-Fischer wrote:
> On 2 February 2012 10:25, Matthijs Mekking <matthijs at nlnetlabs.nl>
> wrote:
>> Hi Bernhard,
>> 
>> mkstemp returns a file descriptor (int), while for printing the
>> zone, I expect a stream (FILE*). What symlink problems do you
>> expect?
> 
> It seems that the signer will usually not run with higher
> privileges, but still, avoiding potential symlink attacks is always
> a good thing. The zonefile-name is known, let's say I make a
> symlink called /the/zone-name.tmp to /etc/nologin (won't do much
> harm unless the signer runs as root but will prevent the signer
> from working), /dev/log, some socket that is under my control, etc.
> You get the idea.
> 
> As to the FILE*:
> 
> #include <stdlib.h>
> #include <stdio.h>
> #include <errno.h>
> #include <string.h>
> #include <unistd.h>
> #include <sys/stat.h>
>
> int main(void)
> {
>     char template[] = "/var/tmp/or_var_lib_ods_tmp.DELME.12321.XXXXXX";
>     int fd = mkstemp(template);
>     /* for some very good reason(?) i absolutely must use buffered I/O ..*/
>     FILE *file = fdopen(fd, "w");
>     if (file == NULL) {
>         printf("ERROR: %s", strerror(errno));
>         exit(EXIT_FAILURE);
>     }
>     fprintf(file, "something\n");
>     fclose(file);
>     chmod(template, 0640);
>     rename(template, "/tmp/done");
>     exit(EXIT_SUCCESS);
> }
> 
>> 
>> I agree that logging problems with rename() would be useful, I
>> will apply your patch.
> 
> Great, thanks!

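The following C example is added here and is not from the thread or from OpenDNSSEC. It combines the mkstemp()/fdopen() pattern quoted above with a check that the output directory is not writable by other users, since a symlink can otherwise be planted at the final path as well as at the .tmp path. The names write_zone_atomically and dir_is_private are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Hypothetical helper: 1 if dir is owned by us or root and not writable by
 * group/other, so no other user can plant a symlink or swap a file in it. */
static int dir_is_private(const char *dir)
{
    struct stat st;
    if (stat(dir, &st) != 0 || !S_ISDIR(st.st_mode))
        return 0;
    return (st.st_uid == geteuid() || st.st_uid == 0) &&
           (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Hypothetical helper: write data to dir/name via an unpredictable temp file
 * in the same directory. Returns 0 on success, -1 on failure. */
int write_zone_atomically(const char *dir, const char *name, const char *data)
{
    char tmp[4096], dst[4096];
    if (!dir_is_private(dir)) {
        fprintf(stderr, "refusing to write in %s: not a private directory\n", dir);
        return -1;
    }
    if (snprintf(tmp, sizeof tmp, "%s/%s.XXXXXX", dir, name) >= (int)sizeof tmp ||
        snprintf(dst, sizeof dst, "%s/%s", dir, name) >= (int)sizeof dst)
        return -1;
    int fd = mkstemp(tmp);          /* O_CREAT|O_EXCL: never follows a symlink */
    if (fd == -1) {
        fprintf(stderr, "mkstemp %s: %s\n", tmp, strerror(errno));
        return -1;
    }
    FILE *f = fdopen(fd, "w");      /* buffered stream on the same descriptor */
    if (f == NULL) { close(fd); unlink(tmp); return -1; }
    /* fchmod acts on the descriptor, so no path is resolved a second time. */
    int ok = fputs(data, f) != EOF && fflush(f) == 0 &&
             fchmod(fd, 0640) == 0 && fsync(fd) == 0;
    if (fclose(f) != 0) ok = 0;
    if (ok && rename(tmp, dst) != 0) {  /* replaces a symlink at dst, not its target */
        fprintf(stderr, "rename %s -> %s: %s\n", tmp, dst, strerror(errno));
        ok = 0;
    }
    if (!ok) unlink(tmp);
    return ok ? 0 : -1;
}
```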


