From 'man 1 gzexe':
CAVEATS
The compressed executable is a shell script. This may create some security
holes. In particular, the compressed executable relies on the PATH environment
variable to find gzip and some other utilities (tail, chmod, ln, sleep).

This doesn't seem to be a caveat anymore. All the programs in the compressed
executable script have an explicit path.

And, from 'man 1 gzexe':
BUGS
gzexe attempts to retain the original file attributes on the compressed
executable, but you may have to fix them manually in some cases, using
chmod or chown.

The vanilla GNU gzexe script seems to not change permissions.

In:
http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.bin/compress/gzexe

permissions are reset with 'chmod u+x'

The BUGS section doesn't mention the temp race vulnerability fixed by the Owl
hardened-tmp patch and by obsd's gzexe.

Attached is a patch to obsd's gzexe to make it work with Linux (also
substitute /usr/bin/mktemp with /bin/mktemp with recent hlfs), because we put
gzip in /bin, and Linux's stat(1) uses a different switch for the format
option. The patch also fixes a POSIX bug with tail(1) which also exists in
the GNU version, and is being reported to LFS trac.

robert
--- gzexe.orig	2005-09-30 06:50:44.000000000 +0000
+++ gzexe	2006-09-08 01:46:00.000000000 +0000
@@ -38,8 +38,8 @@
 			/bin/echo "$prog: cannot create tmp dir"; exit 1
 		}
 		trap '/bin/rm -rf "$tmp"' 0
-		if /usr/bin/tail +$lines "$0" |
-		    /usr/bin/gzip -dc > "$tmp/$prog" 2> /dev/null; then
+		if /usr/bin/tail -n +$lines "$0" |
+		    /bin/gzip -dc > "$tmp/$prog" 2> /dev/null; then
 			/bin/chmod u+x "$tmp/$prog"
 			"$tmp/$prog" ${1+"$@"}
 			ret=$?
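Review bot: the hard-coded `/bin/gzip` on the `+` line makes every wrapper produced by this gzexe depend on the HLFS layout (gzip in /bin), and a wrapper copied to a host with gzip only in /usr/bin will silently fail because stderr goes to /dev/null; since the same path is duplicated in the CHECK_LIST hunk below, consider defining the gzip path once near the top of the script so the two cannot drift apart. While here, the cleanup `trap '/bin/rm -rf "$tmp"' 0` only registers the EXIT condition; adding `1 2 15` (HUP, INT, TERM) would remove the temporary directory and the decompressed binary when the run is interrupted.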
@@ -111,7 +111,7 @@
 	/bin/sh
 	/bin/rm
 	/usr/bin/basename
-	/usr/bin/gzip
+	/bin/gzip
 	/usr/bin/mktemp
 	/usr/bin/tail
 	"
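Review bot: the message says recent hlfs should also substitute /usr/bin/mktemp with /bin/mktemp, but this hunk leaves `/usr/bin/mktemp` in the CHECK_LIST unchanged; if the mktemp path was moved in the decompression stub, the list needs the same update, otherwise gzexe would happily compress the very mktemp binary its stub depends on. The list also does not include stat(1), which the script now invokes (in the following hunk), so a hard link to stat could still be compressed.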
@@ -124,10 +124,10 @@
 	# See if the program we are trying to compress is in the list.
 	# To avoid compressing hardlinked files (eg compress & gzip)
 	# we compare the device & inode.
-	PROG_STAT_INFO=`stat -f '%d %i' "$1"`
+	PROG_STAT_INFO=`stat -c '%d %i' "$1"`
 	for CHECK in $CHECK_LIST; do
 		if test -f "$CHECK"; then
-			CHECK_STAT_INFO=`stat -f '%d %i' "$CHECK"`
+			CHECK_STAT_INFO=`stat -c '%d %i' "$CHECK"`
 			if test "X$PROG_STAT_INFO" == "X$CHECK_STAT_INFO"; then
 				echo "$prog: cannot compress $1, it is the same file as $CHECK"
 				return 1
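Review bot: the unchanged context line `test "X$PROG_STAT_INFO" == "X$CHECK_STAT_INFO"` uses `==`, which is not a POSIX test(1) operator (dash and other strict /bin/sh implementations reject it); since the patch is already fixing POSIX portability (`tail -n +N`), changing it to `=` would be consistent. Note also that the switch from `stat -f` to `stat -c` makes the script GNU-coreutils-only, so this should not be sent upstream to OpenBSD as-is; a comment above the `PROG_STAT_INFO` line stating the Linux assumption would help the next maintainer.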

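Added example, not part of robert's message or of the gzexe script itself: a small POSIX sh illustration of the device/inode comparison the patch uses to avoid compressing a hard link of one of gzexe's own helpers, together with the POSIX `tail -n +N` form the patch switches to. It assumes GNU coreutils stat(1) with `-c`, as on Linux; the file names and the `same_file`/`from_line` helper names are constructed for this example.

```shell
#!/bin/sh
# Added example (not the gzexe script): device+inode identity check and
# the POSIX form of "tail from line N". Assumes GNU stat(1) ("-c").

# Return 0 if both paths name the same file (same device and inode),
# 1 otherwise or if either path cannot be stat'ed.
same_file() {
    a=$(stat -c '%d %i' "$1" 2>/dev/null) || return 1
    b=$(stat -c '%d %i' "$2" 2>/dev/null) || return 1
    [ "X$a" = "X$b" ]      # POSIX test(1): "=" rather than "=="
}

# Print file $2 from line $1 onward. "tail +N" is the old, non-POSIX
# spelling; "tail -n +N" is the portable one.
from_line() {
    tail -n "+$1" "$2"
}

demo() {
    # Private work directory, removed on exit (or on HUP/INT/TERM).
    tmp=$(mktemp -d) || { echo "cannot create tmp dir" >&2; return 1; }
    trap 'rm -rf "$tmp"' 0 1 2 15

    # Constructed sample files: an original, a hard link to it, and a copy.
    printf 'one\ntwo\nthree\n' > "$tmp/orig"
    ln "$tmp/orig" "$tmp/hardlink"
    cp "$tmp/orig" "$tmp/copy"

    same_file "$tmp/orig" "$tmp/hardlink" && echo "hardlink: same file"
    same_file "$tmp/orig" "$tmp/copy" || echo "copy: distinct file"
    from_line 2 "$tmp/orig"          # prints "two" and "three"
}

demo
```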