From bacae935d522a86edc0fb965e04b01a32c6869ac Mon Sep 17 00:00:00 2001
From: Zac Medico
Date: Wed, 19 Jan 2011 11:02:30 -0800
Subject: dispatch-conf: restrict default archive-dir perms

Also, add warnings about rcs and ci behavior in dispatch-conf.conf and dispatch-conf.1. This will fix bug #315603.
---
 cnf/dispatch-conf.conf | 8 ++++++++
 man/dispatch-conf.1 | 16 ++++++++++++++--
 pym/portage/dispatch_conf.py | 5 ++++-
 3 files changed, 26 insertions(+), 3 deletions(-)
diff --git a/cnf/dispatch-conf.conf b/cnf/dispatch-conf.conf
index 33ad156e6..b51b61ae1 100644
--- a/cnf/dispatch-conf.conf
+++ b/cnf/dispatch-conf.conf
@@ -6,6 +6,14 @@ archive-dir=/etc/config-archive
 # Use rcs for storing files in the archive directory?
+# WARNING: When configured to use rcs, read and execute permissions of
+# archived files may be inherited from the first check in of a working
+# file, as documented in the ci(1) man page. This means that even if
+# the permissions of the working file have since changed, the older
+# permissions of the first check in may be inherited. As mentioned in
+# the ci(1) man page, users can control access to RCS files by setting
+# the permissions of the directory containing the files (see
+# archive-dir above).
 # (yes or no)
 use-rcs=no
diff --git a/man/dispatch-conf.1 b/man/dispatch-conf.1
index b15629234..b82c2152d 100644
--- a/man/dispatch-conf.1
+++ b/man/dispatch-conf.1
@@ -1,4 +1,4 @@
-.TH "DISPATCH-CONF" "1" "Aug 2008" "Portage VERSION" "Portage"
+.TH "DISPATCH-CONF" "1" "Jan 2011" "Portage VERSION" "Portage"
 .SH NAME
 dispatch-conf \- Sanely update configuration files after emerging new packages
 .SH SYNOPSIS
@@ -73,6 +73,16 @@ Display a help screen.
 .B q
 Quit
 .I dispatch-conf.
+.SH FILE MODES
+\fBWARNING:\fR When \fB/etc/dispatch\-conf.conf\fR is configured
+to use \fBrcs\fR(1), read and execute permissions of archived
+files may be inherited from the first check in of a working file,
+as documented in the \fBci\fR(1) man page. This means that even
+if the permissions of the working file have since changed, the
+older permissions of the first check in may be inherited. As
+mentioned in the \fBci\fR(1) man page, users can control access
+to RCS files by setting the permissions of the directory
+containing the files.
 .SH "REPORTING BUGS"
 Please report bugs via http://bugs.gentoo.org/
 .SH AUTHORS
@@ -88,4 +98,6 @@ Grant Goodyear
 Configuration settings for \fIdispatch-conf\fR are stored here.
 .SH "SEE ALSO"
 .BR make.conf (5),
-.BR etc-update (1)
+.BR ci (1),
+.BR etc-update (1),
+.BR rcs (1)
diff --git a/pym/portage/dispatch_conf.py b/pym/portage/dispatch_conf.py
index 5724d9169..228638c01 100644
--- a/pym/portage/dispatch_conf.py
+++ b/pym/portage/dispatch_conf.py
@@ -1,5 +1,5 @@
 # archive_conf.py -- functionality common to archive-conf and dispatch-conf
-# Copyright 2003-2004 Gentoo Foundation
+# Copyright 2003-2011 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
@@ -64,6 +64,9 @@ def read_config(mandatory_opts):
 if not os.path.exists(opts['archive-dir']):
 os.mkdir(opts['archive-dir'])
+ # Use restrictive permissions by default, in order to protect
+ # against vulnerabilities (like bug #315603 involving rcs).
+ os.chmod(opts['archive-dir'], 0o700)
 elif not os.path.isdir(opts['archive-dir']):
 print(_('dispatch-conf: Config archive dir [%s] must exist; fatal') % (opts['archive-dir'],), file=sys.stderr)
 sys.exit(1)
--
cgit v1.2.3-1-g7c22
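Review bot: The added `os.chmod(opts['archive-dir'], 0o700)` in read_config runs only in the branch that has just created the directory, so an archive-dir that already exists (the `elif` branch only checks `os.path.isdir`) keeps whatever mode it had and stays exposed to the rcs permission inheritance referenced as bug #315603. Consider at least printing a warning to stderr when `os.stat(opts['archive-dir']).st_mode & 0o077` is non-zero, so administrators of existing installs know to tighten the directory themselves. In the creation branch, `os.mkdir(opts['archive-dir'], 0o700)` would create the directory with the restrictive mode from the start rather than leaving it at the umask default until the chmod runs; the chmod can stay to make the final mode exact. read_config's body starts and ends outside this hunk, so any handling of these cases elsewhere in the function is not visible here.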