Using mkstemp will not solve this attack, since you can do the same trick for /the/zone-name (without .tmp), or any other file location OpenDNSSEC is using.

Best regards,
Matthijs

On 02/02/2012 01:22 PM, Bernhard Reutner-Fischer wrote:
> On 2 February 2012 10:25, Matthijs Mekking <[email protected]> wrote:
>> Hi Bernhard,
>>
>> mkstemp returns a file descriptor (int), while for printing the
>> zone, I expect a stream (FILE*). What symlink problems do you
>> expect?
>
> It seems that the signer will usually not run with higher
> privileges, but still, avoiding potential symlink attacks is always
> a good thing. The zonefile-name is known, let's say I make a
> symlink called /the/zone-name.tmp to /etc/nologin (won't do much
> harm unless the signer runs as root but will prevent the signer
> from working), /dev/log, some socket that is under my control, etc.
> You get the idea.
>
> As to the FILE*:
>
> #include <stdlib.h>
> #include <stdio.h>
> #include <errno.h>
> #include <string.h>
> #include <unistd.h>
> #include <sys/stat.h>
>
> int main(void)
> {
>     char template[] = "/var/tmp/or_var_lib_ods_tmp.DELME.12321.XXXXXX";
>     int fd = mkstemp(template);
>     /* for some very good reason(?) i absolutely must use buffered I/O ..*/
>     FILE *file = fdopen(fd, "w");
>     if (file == NULL) {
>         printf("ERROR: %s", strerror(errno));
>         exit(EXIT_FAILURE);
>     }
>     fprintf(file, "something\n");
>     fclose(file);
>     chmod(template, 0640);
>     rename(template, "/tmp/done");
>     exit(EXIT_SUCCESS);
> }
>
>> I agree that logging problems with rename() would be useful, I
>> will apply your patch.
>
> Great, thanks!
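
The write-then-rename pattern from the quoted snippet with the symlink-relevant checks filled in, as an added example that is not part of the thread or of OpenDNSSEC's code. The function name `write_atomic` and the directory policy it enforces (owned by the calling user or root, not writable by group or others) are assumptions made for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example: write data to dir/name through a mkstemp() file created
 * in the same directory. Returns 0 on success, -1 with errno set. */
int write_atomic(const char *dir, const char *name, const char *data)
{
    char tmp[PATH_MAX], dst[PATH_MAX];
    struct stat st;

    /* Assumed policy: whoever can create entries in dir can plant a link
     * under any predictable name, so only work in a real directory that
     * we (or root) own and that group/others cannot write to. */
    if (lstat(dir, &st) != 0) return -1;
    if (!S_ISDIR(st.st_mode) || (st.st_mode & (S_IWGRP | S_IWOTH)) ||
        (st.st_uid != geteuid() && st.st_uid != 0)) {
        errno = EPERM;
        return -1;
    }
    if (snprintf(tmp, sizeof tmp, "%s/%s.XXXXXX", dir, name) >= (int)sizeof tmp ||
        snprintf(dst, sizeof dst, "%s/%s", dir, name) >= (int)sizeof dst) {
        errno = ENAMETOOLONG;
        return -1;
    }
    int fd = mkstemp(tmp);          /* exclusive create, never follows a link */
    if (fd < 0) return -1;
    FILE *fp = fdopen(fd, "w");     /* buffered FILE* over the same descriptor */
    if (fp == NULL) {
        int e = errno; close(fd); unlink(tmp); errno = e;
        return -1;
    }
    int ok = fputs(data, fp) >= 0 && fflush(fp) == 0 &&
             fchmod(fd, 0640) == 0 &&   /* on the descriptor, not the path */
             fsync(fd) == 0;
    int e = errno;
    if (fclose(fp) != 0 && ok) { ok = 0; e = errno; }
    /* rename() replaces a symlink sitting at dst; it does not follow it. */
    if (ok && rename(tmp, dst) != 0) { ok = 0; e = errno; }
    if (!ok) { unlink(tmp); errno = e; return -1; }
    return 0;
}
```

The directory check covers only the last path component; the parent directories need the same ownership and permissions for the guarantee to hold.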
