help-cfengine
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Missing file gives bad error message


From: Mark . Burgess
Subject: Re: Missing file gives bad error message
Date: Tue, 20 Apr 2004 19:06:27 +0200 (MEST)

The cannot stat could mean the file does not exist, or that access
was denied or that the keys were wrong....

M

On 20 Apr, Eric Sorenson wrote:
> On Thu, 15 Apr 2004 address@hidden wrote:
>> On 15 Apr, Christian Pearce wrote:
>> > Is there any reason we can't put file doesn't exist?  Or is this a security
>> > thing?  (ie. don't give out information to a potential attacker)
>> You hit the nail on the head. 
> 
> This can't be true, can it? I looked into this pretty deeply because I
> get many, many megabytes of these bogus errors due to the way I use
> 'singlecopy' to pick the best-match file out of a repository, and it
> looked to me like the "couldn't stat" error was nested inside 
> RefuseAccess in cfservd.c, so it got the generic "access denied"
> lines after the lstat-specific errors as a side-effect. 
> 
> The client error (the presumable vector for an attack) does say more
> concisely what the actual problem was, so if the intent was to obscure
> information, it's not successful
> 
> Apr 20 09:28:38 victor cfengine:victor[2448]: Can't stat 
>     /export/home/local/cfengine2/dist/etc/ldap.conf.victor in copy 
> 
> I couldn't find an easy way to change this behavior, but if there's
> anyone else who cares to look at it, IMO it would be beneficial to make "can't
> stat" on the server just say the actual problem instead of the additional
> (misleading) error.
> 
> Apr 20 09:28:38 sinistar cfservd[12312]:  Couldn't stat filename
> /export/home/local/cfengine2/dist/etc/ldap.conf.victor from host 
> victor.xxx.com Apr 20 09:28:38
> sinistar cfservd[12312]:  lstat Apr 20 09:28:38 sinistar cfservd[12312]: Host
> authorization/authentication failed or access denied Apr 20 09:28:38 sinistar 
> cfservd[12312]:
> From (host=victor.xxx.com,user=root,ip=10.0.2.120) Apr 20 09:28:38 sinistar 
> cfservd[12312]:  ID
> from connecting host: (SYNCH 1082478518 STAT
> /export/home/local/cfengine2/dist/etc/ldap.conf.victor)
> 



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272            Email:  address@hidden
Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





reply via email to

[Prev in Thread] Current Thread [Next in Thread]