From 546139d41fb1ba0e0f74dbaf85e97a0b92e3f435 Mon Sep 17 00:00:00 2001 From: Mike Frysinger Date: Mon, 24 Sep 2007 07:09:41 +0000 Subject: fix possible information leak vulnerability when doing a merge of configuration files and be better about handling of whitespace in $TMP in a few places svn path=/main/trunk/; revision=7799 --- bin/etc-update | 33 ++++++++++++++++++++++----------- 1 file changed, 22 insertions(+), 11 deletions(-) (limited to 'bin') diff --git a/bin/etc-update b/bin/etc-update index 0a6a79e9c..268185676 100755 --- a/bin/etc-update +++ b/bin/etc-update @@ -367,18 +367,26 @@ Please select from the menu above (-1 to ignore this update): " } function do_merge() { + # make sure we keep the merged file in the secure tempdir + # so we dont leak any information contained in said file + # (think of case where the file has 0600 perms; during the + # merging process, the temp file gets umask perms!) local file="${1}" local ofile="${2}" - local mfile="${2}.merged" + local mfile="${TMP}/${2}.merged" local -i my_input=0 echo "${file} ${ofile} ${mfile}" - if [ -e ${mfile} ] ; then + if [[ -e ${mfile} ]] ; then echo "A previous version of the merged file exists, cleaning..." - rm ${rm_opts} ${mfile} + rm ${rm_opts} "${mfile}" fi + # since mfile will be like $TMP/path/to/original-file.merged, we + # need to make sure the full /path/to/ exists ahead of time + mkdir -p "${mfile%/*}" + until (( ${my_input} == -1 )); do echo "Merging ${file} and ${ofile}" $(echo "${merge_command}" | @@ -402,8 +410,8 @@ Please select from the menu above (-1 to exit, losing this merge): " chown "$(stat -f %Su:%Sg "${ofile}")" "${mfile}" chmod $(stat -f %Mp%Lp "${ofile}") "${mfile}" fi - mv ${mv_opts} ${mfile} ${ofile} - rm ${rm_opts} ${file} + mv ${mv_opts} "${mfile}" "${ofile}" + rm ${rm_opts} "${file}" return 255 ;; 2) ( echo "Showing differences between ${ofile} and ${mfile}" @@ -417,7 +425,7 @@ Please select from the menu above (-1 to exit, losing this merge): " 4) ${EDITOR:-nano -w} "${mfile}" continue ;; - 5) rm ${rm_opts} ${mfile} + 5) rm ${rm_opts} "${mfile}" return 0 ;; *) continue @@ -425,7 +433,7 @@ Please select from the menu above (-1 to exit, losing this merge): " esac done done - rm ${rm_opts} ${mfile} + rm ${rm_opts} "${mfile}" return 255 } @@ -439,7 +447,7 @@ function die() { [ ${count} -gt 0 ] && echo "NOTE: ${count} updates remaining" fi - rm -rf ${TMP} + rm -rf "${TMP}" exit ${2} } @@ -461,9 +469,12 @@ export PORTAGE_TMPDIR #echo $CONFIG_PROTECT_MASK #export PORTAGE_TMPDIR=$(/usr/lib/portage/bin/portageq envvar PORTAGE_TMPDIR) -TMP="${PORTAGE_TMPDIR}/$$" -rm -rf ${TMP} 2> /dev/null -mkdir ${TMP} || die "failed mkdir command!" 1 +TMP="${PORTAGE_TMPDIR}/etc-update-$$" +rm -rf "${TMP}" 2> /dev/null +mkdir "${TMP}" || die "failed to create temp dir" 1 +# make sure we have a secure directory to work in +chmod 0700 "${TMP}" || die "failed to set perms on temp dir" 1 +chown ${UID:-0}:${GID:-0} "${TMP}" || die "failed to set ownership on temp dir" 1 # I need the CONFIG_PROTECT value #CONFIG_PROTECT=$(/usr/lib/portage/bin/portageq envvar CONFIG_PROTECT) -- cgit v1.2.3-1-g7c22