Hi all, as I was checking CVE-2011-4339 >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4339 << I've noticed other things as well.

#1 As for the CVE in question, I think it can be solved by using umask(022).

#2 ipmievd shouldn't start at all if it is unable to create the PID file. However, this fact is being ignored here.

#3 And the last thing is, it is possible to have multiple instances of ipmievd running. And that's all fine and dandy, but rewriting the same PID file over and over doesn't seem fine to me. No, it should be reported, and in case the PID file exists, exit and refuse to run.

Code in question:

~~~ 'src/ipmievd.c' ~~~
[...]
int
ipmievd_main(struct ipmi_event_intf * eintf, int argc, char ** argv)
{
	[...]
	/* if PID file exists, exit */
	if (lstat(pidfile, &st1) == 0) {
		/* already exists, erase first */
		if (unlink(pidfile) != 0) {
			lprintf(LOG_WARN, "Unable to erase pidfile");
		}
	}
	/* umask(022); here */
	fp = ipmi_open_file_write(pidfile);
	if (fp != NULL) {
		fprintf(fp, "%d\n", (int)getpid());
		fclose(fp);
	}
	/* check whether PID file was created here */
	[...]
~~~ 'src/ipmievd.c' ~~~

#4 The function sel_watch_wait() doesn't have a return, but it is supposed to return int. Code is not included here. How about it?

I don't claim this list is complete, nor have I tried to create such a list. These I've noticed along the way.

Thanks in advance for any comments.

Best regards,
Z.

_______________________________________________
Ipmitool-devel mailing list
Ipmitool-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ipmitool-devel
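One way to implement what points #1 to #3 ask for, as an added example that is not ipmitool's own code (the function names, the return codes and the /tmp path are assumptions made here): open the PID file with O_CREAT|O_EXCL so that an existing file makes the daemon refuse to start instead of being unlinked and overwritten, force the mode to 0644 with fchmod() rather than relying on a umask(022) call, and treat any failure to create or write the file as fatal for startup.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical return codes; the caller refuses to start on anything but PIDFILE_OK. */
enum pidfile_status {
    PIDFILE_OK     = 0,
    PIDFILE_EXISTS = 1,  /* PID file already present: another instance or a stale file */
    PIDFILE_ERROR  = 2   /* could not create, chmod, write or close the file */
};

/*
 * Create `path` exclusively and write `pid` into it.
 * O_EXCL makes creation fail with EEXIST if anything (regular file or
 * symlink) already sits at `path`, so an existing file is never unlinked
 * or overwritten. fchmod() pins the mode to 0644 so the result does not
 * depend on the umask inherited from whoever started the daemon.
 */
int create_pidfile(const char *path, pid_t pid)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0644);
    if (fd < 0)
        return (errno == EEXIST) ? PIDFILE_EXISTS : PIDFILE_ERROR;

    char buf[32];
    int n = snprintf(buf, sizeof buf, "%d\n", (int)pid);

    int ok = fchmod(fd, 0644) == 0 && n > 0 && n < (int)sizeof buf
             && write(fd, buf, (size_t)n) == (ssize_t)n;
    if (close(fd) != 0)
        ok = 0;
    if (!ok) {
        /* A partial file would only block the next start: remove it and report. */
        unlink(path);
        return PIDFILE_ERROR;
    }
    return PIDFILE_OK;
}

/* Read the PID back; returns -1 if the file is missing or malformed. */
long read_pidfile(const char *path)
{
    FILE *fp = fopen(path, "r");
    if (fp == NULL)
        return -1;
    char buf[32];
    char *end = NULL;
    long pid = -1;
    if (fgets(buf, sizeof buf, fp) != NULL) {
        pid = strtol(buf, &end, 10);
        if (end == buf || (*end != '\n' && *end != '\0') || pid <= 0)
            pid = -1;
    }
    fclose(fp);
    return pid;
}

/* Permission bits of the PID file (e.g. 0644), or -1 if it cannot be stat'ed. */
int pidfile_mode(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0)
        return -1;
    return (int)(st.st_mode & 07777);
}

int main(void)
{
    const char *path = "/tmp/ipmievd_example.pid";  /* constructed demo path */
    int rc = create_pidfile(path, getpid());
    if (rc == PIDFILE_EXISTS) {
        fprintf(stderr, "%s exists: refusing to start\n", path);
        return 1;
    }
    if (rc != PIDFILE_OK) {
        perror("create_pidfile");
        return 1;
    }
    printf("wrote pid %ld with mode %04o\n", read_pidfile(path), pidfile_mode(path));
    unlink(path);
    return 0;
}
```

The second call on an existing path returns PIDFILE_EXISTS and leaves the first file untouched, which is the "report and refuse to run" behaviour the post asks for; a stale file left by a crash then has to be cleaned up deliberately rather than silently clobbered.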