0.91a config file permissions bug
From: Sergey Poznyakoff
Subject: 0.91a config file permissions bug
Date: Wed, 04 Apr 2001 15:38:33 +0300

Hello,

When doing `write memory', all programs from the zebra-0.91a package set
privileges on the written config file to 666, which is very unsafe. The
bug is present in the version available from ftp as well as in the
version in the CVS repository. I have tested it on Linux with kernel
2.2.17. The package was configured with

    ./configure --sysconfdir=/etc

The cause of this behaviour seems to be that the mkstemp() call sets
privileges 666 on the file it creates. It can be fixed using the
following patch:

*** lib/orig/command.c Wed Apr 4 14:19:07 2001
--- lib/command.c Wed Apr 4 14:20:53 2001
***************
*** 2156,2161 ****
--- 2156,2162 ----
{
int i;
int fd;
+ int oldmask;
struct cmd_node *node;
char *config_file;
char *config_file_tmp = NULL;
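Review bot: `int oldmask;` in the added declaration does not match the type umask() takes and returns, which is mode_t; declare it as `mode_t oldmask;` so the saved mask is restored without an implicit conversion. No hunk of this patch adds an include, so also check that lib/command.c already pulls in <sys/types.h> and <sys/stat.h> for the umask() prototype.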
***************
*** 2173,2178 ****
--- 2174,2180 ----
config_file_tmp = malloc (strlen (config_file) + 8);
sprintf (config_file_tmp, "%s.XXXXXX", config_file);
+ oldmask = umask(077); /* Be on the safe side */
/* Open file to configuration write. */
fd = mkstemp (config_file_tmp);
if (fd < 0)
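Review bot: Restore the old mask on the line directly after `fd = mkstemp (config_file_tmp);` instead of at each return. As written, the 077 mask set here stays in effect for the rest of the function, so the patch needs six separate `umask(oldmask);` calls, and any return path added later that forgets one leaves the whole process with a changed mask. A single restore right after mkstemp() gives the same file mode and removes that risk. The added call is also written `umask(077)` while the surrounding code puts a space before the parenthesis, as in `mkstemp (config_file_tmp)`.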
***************
*** 2181,2186 ****
--- 2183,2189 ----
VTY_NEWLINE);
free (config_file_tmp);
free (config_file_sav);
+ umask(oldmask);
return CMD_WARNING;
}
***************
*** 2210,2215 ****
--- 2213,2219 ----
free (config_file_sav);
free (config_file_tmp);
unlink (config_file_tmp);
+ umask(oldmask);
return CMD_WARNING;
}
if (link (config_file, config_file_sav) != 0)
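Review bot: In the context lines of this error path, `unlink (config_file_tmp);` runs after `free (config_file_tmp);`, so the cleanup passes a freed pointer to unlink() and the temporary file may be left behind. Since the patch already touches this block, move the unlink() above the free(). The same ordering appears in the three error paths that follow.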
***************
*** 2219,2224 ****
--- 2223,2229 ----
free (config_file_sav);
free (config_file_tmp);
unlink (config_file_tmp);
+ umask(oldmask);
return CMD_WARNING;
}
sync ();
***************
*** 2229,2234 ****
--- 2234,2240 ----
free (config_file_sav);
free (config_file_tmp);
unlink (config_file_tmp);
+ umask(oldmask);
return CMD_WARNING;
}
if (link (config_file_tmp, config_file) != 0)
***************
*** 2238,2243 ****
--- 2244,2250 ----
free (config_file_sav);
free (config_file_tmp);
unlink (config_file_tmp);
+ umask(oldmask);
return CMD_WARNING;
}
unlink (config_file_tmp);
***************
*** 2247,2252 ****
--- 2254,2260 ----
free (config_file_tmp);
vty_out (vty, "Configuration saved to %s%s", config_file,
VTY_NEWLINE);
+ umask(oldmask);
return CMD_SUCCESS;
}
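Review bot: On this success path the saved file keeps the temporary file's mode, because the config file is created with `link (config_file_tmp, config_file)` earlier in the function; with the 077 mask it ends up readable and writable by its owner only. That change in the resulting permissions deserves a line in the change description or documentation, so that administrators who relied on group or other read access know about it.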
Kind regards,
Sergey Poznyakoff
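
The pattern the patch aims for, shown as an added example that is not part of the original message or of the zebra code: the umask is narrowed only around mkstemp(), the mode is also set explicitly with fchmod(), and the result is checked with fstat(). The function name, buffer size and sample path are assumptions, and the example uses rename() rather than the link()/unlink() sequence of the patched function.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Hypothetical helper: write text to path through a temp file beside it.
 * Returns the permission bits of the saved file, or -1 on error. */
int save_config_private(const char *path, const char *text)
{
    char tmp[4096];
    struct stat st;
    size_t len = strlen(text);
    int n = snprintf(tmp, sizeof tmp, "%s.XXXXXX", path);
    if (n < 0 || (size_t)n >= sizeof tmp)
        return -1;
    /* Narrow the umask only around file creation and restore it at once,
     * so no later return path can leave the process mask changed. */
    mode_t oldmask = umask(077);
    int fd = mkstemp(tmp);
    umask(oldmask);
    if (fd < 0)
        return -1;
    /* Set the mode explicitly as well: the result then does not depend
     * on the mode the C library's mkstemp() passes to open(). */
    if (fchmod(fd, S_IRUSR | S_IWUSR) != 0 ||
        write(fd, text, len) != (ssize_t)len ||
        fsync(fd) != 0 ||
        fstat(fd, &st) != 0) {
        close(fd);
        unlink(tmp);            /* tmp is a stack buffer, still valid */
        return -1;
    }
    close(fd);
    /* rename() replaces the target atomically and keeps the 0600 mode. */
    if (rename(tmp, path) != 0) {
        unlink(tmp);
        return -1;
    }
    return (int)(st.st_mode & 07777);
}

int main(void)
{
    /* Constructed sample path and content. */
    int mode = save_config_private("/tmp/example-zebra.conf", "hostname r1\n");
    printf("saved with mode %04o\n", (unsigned)(mode < 0 ? 0 : mode));
    return mode == 0600 ? 0 : 1;
}
```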