Hi

Maybe. However, if someone is added to a user's group that should really mean
that they should at least be able to read things, even though they may not
be able to write to stuff. So I actually think bash and others do the wrong
thing here.

The way I have done it is also more in line with upstream opinion, even
though upstream think it is ok for even anyone to read this file.

New simplified and with better comments attached to this mail.

Best regards

// Ola

On Wed, Aug 3, 2016 at 12:16 AM, Emilio Pozuelo Monfort <[email protected]>
wrote:

> On 02/08/16 23:57, Ola Lundqvist wrote:
> > Hi Chris
> >
> > The reason I do not simply set the umask to a fixed value is to use the same
> > principle as upstream. That is, honor the umask set by the user. There may be
> > reasons why group read and/or write should be set for example.
> >
> > I agree with upstream that the umask should be honored, but not as strictly as
> > upstream do. This is why I just override the "world readable" part and let the
> > rest be controlled by the user.
> >
> > In the working patch you can see that I also set back the umask (just a little
> > further down in the file) as it was to just change this specific case of logging.
> >
> > More clear now?
>
> What do other programs do for similar files? My .bash_history is 0600 even
> though my umask is 0022. Having a umask that allows other users to read your
> files by default doesn't mean sensitive information should be made available. So
> perhaps you should ignore if the umask allows the group to read files?
>
> Cheers,
> Emilio
>
>


-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
/  [email protected]                    Folkebogatan 26            \
|  [email protected]                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------
Description: World readable dbshell log file
 This correction makes sure the ~/.dbshell log file is not world readable.
 .
 mongodb (1:2.0.6-1+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Long Term Security Team.
   * Make sure dbshell log file is not readable by others
     CVE-2016-6494 (Closes: #832908).
Author: Ola Lundqvist <[email protected]>
Origin: other
Bug: https://jira.mongodb.org/browse/SERVER-25335
Bug-Debian: https://bugs.debian.org/832908
Forwarded: no
Reviewed-By: Ola Lundqvist <[email protected]>
Last-Update: 2016-08-01

Index: mongodb-2.0.6/third_party/linenoise/linenoise.cpp
===================================================================
--- mongodb-2.0.6.orig/third_party/linenoise/linenoise.cpp	2012-06-04 13:42:54.000000000 +0000
+++ mongodb-2.0.6/third_party/linenoise/linenoise.cpp	2016-08-02 22:28:13.094657162 +0000
@@ -104,11 +104,13 @@
 
 #include <termios.h>
 #include <unistd.h>
+#include <fcntl.h>
 #include <stdlib.h>
 #include <stdio.h>
 #include <errno.h>
 #include <string.h>
 #include <stdlib.h>
+#include <sys/stat.h>
 #include <sys/types.h>
 #include <sys/ioctl.h>
 #include <unistd.h>
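Review bot: the added #include <fcntl.h> is not used by anything in the hunks that follow; umask(), stat() and chmod() are all declared in <sys/stat.h>. Drop it unless the fix is reworked to create the file with open() and an explicit mode.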
@@ -799,6 +801,11 @@
 /* Save the history in the specified file. On success 0 is returned
  * otherwise -1 is returned. */
 int linenoiseHistorySave(const char *filename) {
+    mode_t prev_mask = umask(0022);
+    // Make sure this file is not readable by others, but honor
+    // the umask for user and group permissions.
+    // CVE-2016-6494
+    umask(prev_mask | S_IRWXO);
     FILE *fp = fopen(filename,"w");
     int j;
     
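Review bot: the tightened umask around fopen(filename,"w") only takes effect when that call creates the file. An existing world-readable history file is truncated and rewritten with its old mode, so linenoiseHistorySave() relies on linenoiseHistoryLoad() having corrected the mode earlier. An fchmod(fileno(fp), ...) after a successful fopen() would make this function safe on its own. Note also that umask(0022) is called only to read the current mask and briefly changes it for the whole process.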
@@ -808,6 +815,8 @@
             fprintf(fp,"%s\n",history[j]);
     }
     fclose(fp);
+    // return umask as it was before
+    umask(prev_mask);
     return 0;
 }
 
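Review bot: umask(prev_mask) is restored only on the path that reaches return 0. The function comment says -1 is returned on failure, so any early return between the fopen() call and this point leaves the process running with the tightened umask. Restore the mask immediately after fopen() returns, before its result is checked.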
@@ -817,6 +826,15 @@
  * If the file exists and the operation succeeded 0 is returned, otherwise
  * on error -1 is returned. */
 int linenoiseHistoryLoad(const char *filename) {
+    struct stat fileStat;
+    if (stat(filename,&fileStat) < 0) return -1;
+    if (fileStat.st_mode & S_IRWXO) {
+      // If the file is world readable, writeable or executable
+      // make sure it is not but keep all other permissions.
+      // CVE-2016-6494
+      chmod(filename, fileStat.st_mode & 0777770);
+    }
+
     FILE *fp = fopen(filename,"r");
     char buf[LINENOISE_MAX_LINE];
     
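Review bot: in linenoiseHistoryLoad() the return value of chmod() is ignored, and the mask 0777770 is a magic number that also passes the file-type bits of st_mode through to chmod(). Writing fileStat.st_mode & 07777 & ~S_IRWXO states the intent directly, and a failed chmod() should at least be reported. Because stat(), chmod() and fopen() each resolve the path separately, doing fstat() and fchmod() on the already opened file would keep the check and the change on the same file.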

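The policy discussed in this thread (honor the umask for user and group, never grant access to "other") can also be applied without changing the process umask. The following C code is an added example, not part of the attached patch or of the mongodb/linenoise sources; save_history_private() and file_mode() are hypothetical names.

```c
/* Added example, not code from the patch. save_history_private() and
 * file_mode() are hypothetical names used for illustration. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Write n history lines to path so that "other" never gets access.
 * Returns 0 on success, -1 on error. The process umask is never changed. */
int save_history_private(const char *path, const char **lines, int n) {
    /* Request 0660: the kernel applies the caller's umask to a new file, so
     * user and group bits follow the umask and "other" bits are never set. */
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC,
                  S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
    if (fd < 0) return -1;

    /* An existing file keeps its old mode through O_TRUNC, so strip the
     * "other" bits on the descriptor we hold, before anything is written. */
    struct stat st;
    if (fstat(fd, &st) < 0 ||
        ((st.st_mode & S_IRWXO) &&
         fchmod(fd, st.st_mode & 07777 & ~S_IRWXO) < 0)) {
        close(fd);
        return -1;
    }

    FILE *fp = fdopen(fd, "w");
    if (fp == NULL) { close(fd); return -1; }
    for (int i = 0; i < n; i++) fprintf(fp, "%s\n", lines[i]);
    return fclose(fp) == 0 ? 0 : -1;
}

/* Permission bits of path, or -1 if it cannot be stat'ed. */
int file_mode(const char *path) {
    struct stat st;
    return stat(path, &st) < 0 ? -1 : (int)(st.st_mode & 07777);
}
```

With a umask of 0022 a new file ends up 0640, with 0077 it ends up 0600, and a pre-existing 0644 file is tightened to 0640 before any history line is written.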