On Fri, Aug 15, 2014 at 11:51:53PM +0200, Paul de Weerd wrote:
| At any rate, this changes that to allow world readable files (still
| not taking world writable files). We can't check S_IWOTH over tftp,
| we should probably assume 0777 for files transferred that way. But,
| if you're trusting the kernel you're getting over tftp, then why the
| hell are you not trusting random.seed? That attacker that could maybe
| influence your randomness would NEVER touch your kernel to ensure it
| only produces well known (to them) randomness. That would be way too
| easy...
Actually, no, scratch that. You don't want the local seed to be world
readable, since that will expose it to everybody on the local system
for non-TFTP loaded kernels and seedfiles.
The alternative then is to assume 0440 for files transferred from
tftp. The permissions on files transferred from tftp are irrelevant
following the above argument (you trust that kernel you just
downloaded, might as well trust random.seed). To make random.seed pass
the loadrandom() tests, just set st_mode to 0440:
Index: tftp.c
===================================================================
RCS file: /cvs/src/sys/lib/libsa/tftp.c,v
retrieving revision 1.6
diff -u -p -u -r1.6 tftp.c
--- tftp.c 13 Jul 2014 15:31:20 -0000 1.6
+++ tftp.c 15 Aug 2014 22:03:27 -0000
@@ -386,7 +386,7 @@ tftp_stat(struct open_file *f, struct st
struct tftp_handle *tftpfile;
tftpfile = (struct tftp_handle *) f->f_fsdata;
- sb->st_mode = 0444;
+ sb->st_mode = 0440;
sb->st_nlink = 1;
sb->st_uid = 0;
sb->st_gid = 0;
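Review bot: the literal in `+ sb->st_mode = 0440;` encodes a policy decision (TFTP carries no permission bits, so tftp_stat() fabricates a mode, and 0440 is chosen so that random.seed passes the loadrandom() ownership/mode checks) that is only explained in this mail, not in the code; add a one-line comment above the assignment stating that, so a later reader does not "fix" it back to 0444 and silently re-enable world-readable seed files.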
--
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
http://www.weirdnet.nl/