bug-gnustep

gdomap is b0rken


From: Alexey I. Froloff
Subject: gdomap is b0rken
Date: Tue, 29 Jul 2003 23:35:53 +0400
User-agent: Mutt/1.4.1i

The gdomap service is insecure and completely broken. Well, somehow
it works, but...

...
  if (pidfile)
    {
      FILE      *fptr;

#ifndef __MINGW__
      if (getuid () == 0)
#endif
        {
          fptr = fopen(pidfile, "at");
...

First of all, there are no checks whether the daemon is already
running, or whether the pidfile is an ordinary file (not a symlink) and
owned by root. Second, it is a Bad Thing(tm) to create the pidfile with
fopen(2); one should use open(2) with O_CREAT|O_EXCL.

And instead of getuid(2), geteuid(2) should be used.

...
static void
dump_tables()
{
  FILE  *fptr;

  soft_int++;
  fptr = fopen("gdomap.dump", "w");
...

Once again, there are no checks whether the file already exists and is
not a symlink; the daemon opens this file in the current directory
without any check whether chdir(2) succeeded or not...

...
      setuid (uid);
      setgid (gid);
      setgroups (0, 0); /* Empty additional groups list */
    }
#endif /* __MINGW__ */

#if     !defined(__svr4__)
  /*
   * As another level of paranoia - restrict this process to /tmp
   */
  chdir("/tmp");
#ifndef __MINGW__
  chroot("/tmp");
#endif /* __MINGW__ */
#endif /* __svr4__ */
...

In this code chroot(2) will _always_ fail since it needs
superuser privileges... And the right way to do it is
chroot("/path"); chdir("/");

Finally, there are lots of {m,c,re}alloc(3) calls immediately followed
by memcpy(3) without any check whether the memory was allocated
successfully. You can't do this in a daemon...

P.S. But please, do not tell me that you do this to keep
"compatibility" with some *32 "systems"...

-- 
Regards,
Sir Raorn.
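The following is an added example, not code from gdomap or from the poster, showing the hardened form of the three patterns the mail complains about: an atomic pidfile created with open(2) O_CREAT|O_EXCL plus an fstat(2) check on the descriptor, chroot(2) followed by chdir("/") with the failure reported rather than ignored, and an allocate-and-copy helper with the missing NULL check. The function names create_pidfile, jail_to, checked_dup and pidfile_second_attempt_errno are my own.

```c
/* Added example (not gdomap's code): hardened pidfile creation,
 * correct chroot/chdir ordering, and checked allocation.
 * All function names below are my own, not gdomap's. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create the pidfile atomically. O_CREAT|O_EXCL fails with EEXIST if
 * the path already exists, whether it is a pidfile from a running
 * instance or a symlink planted in a world-writable directory
 * (O_EXCL refuses to follow symlinks, even dangling ones; O_NOFOLLOW
 * is added for clarity). fstat() on the descriptor we actually hold
 * then confirms it is a plain file with one link owned by our
 * effective uid. Returns 0 on success, -1 with errno set on failure. */
int create_pidfile(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0644);
    if (fd < 0)
        return -1;                 /* EEXIST: already running or planted */

    struct stat st;
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode)
        || st.st_nlink != 1 || st.st_uid != geteuid()) {
        close(fd);
        unlink(path);
        errno = EPERM;
        return -1;
    }

    char buf[32];
    int n = snprintf(buf, sizeof buf, "%ld\n", (long)getpid());
    if (write(fd, buf, (size_t)n) != n) {
        int saved = errno;
        close(fd);
        unlink(path);
        errno = saved;
        return -1;
    }
    return close(fd);
}

/* Confine the process: chroot() first, then chdir("/") so the working
 * directory is inside the new root. chroot() needs root privileges, so
 * its failure is returned to the caller instead of being ignored. */
int jail_to(const char *dir)
{
    if (chroot(dir) < 0)
        return -1;
    if (chdir("/") < 0)
        return -1;
    return 0;
}

/* Allocate-and-copy with the NULL check that the mail says is missing:
 * returns NULL on allocation failure instead of letting memcpy() write
 * through a null pointer. */
void *checked_dup(const void *src, size_t len)
{
    void *dst = malloc(len ? len : 1);
    if (dst == NULL)
        return NULL;
    memcpy(dst, src, len);
    return dst;
}

/* Demonstrate the "already running" check: pick a free unique path under
 * dir (constructed with mkstemp, then removed), create the pidfile once,
 * and return the errno of the second attempt (expected: EEXIST).
 * Returns -1 if the first creation itself fails. */
int pidfile_second_attempt_errno(const char *dir)
{
    char path[4096];
    snprintf(path, sizeof path, "%s/pidtest.XXXXXX", dir);
    int tfd = mkstemp(path);
    if (tfd < 0)
        return -1;
    close(tfd);
    unlink(path);                  /* path is now unique and free */

    if (create_pidfile(path) != 0)
        return -1;
    int second = (create_pidfile(path) == 0) ? 0 : errno;
    unlink(path);
    return second;
}

int main(void)
{
    int e = pidfile_second_attempt_errno("/tmp");
    printf("second pidfile attempt: %s\n", e == EEXIST ? "EEXIST (refused)" : "unexpected");
    if (jail_to("/tmp") < 0)
        printf("jail_to failed: %s (expected when not root)\n", strerror(errno));
    return 0;
}
```

Note that O_EXCL is what makes the "already running" and "symlink in /tmp" cases safe at the same time: the kernel creates the file or fails, with no window between a separate existence check and the open in which the path could be swapped. The fstat() check guards the descriptor, not the path, so it cannot be raced either.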
