[email protected] wrote:
> Full_Name: Moritz Mühlenhoff
> Version: 2.4.40
> OS: Debian
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (91.96.145.189)
>
>
> I set up a test system which made use of the slapo-auditlog overlay using these
> config options:
>
> moduleload auditlog
> overlay auditlog
> auditlog /var/lib/ldap/slapd-audit.log
>
> The /var/lib/ldap/slapd-audit.log was created with world-readable permissions,
> which constitutes a security issue since that file also logs sensitive
> attributes which are otherwise protected by ACLs (such as password hashes).
>
>
> Proposed patch:
>
> diff -aur openldap-2.4.40+dfsg.orig/servers/slapd/overlays/auditlog.c
> openldap-2.4.40+dfsg/rvrvers/slapd/overlays/auditlog.c
> --- openldap-2.4.40+dfsg.orig/servers/slapd/overlays/auditlog.c 2014-09-19
> 01:48:49.000000000 +0000
> +++ openldap-2.4.40+dfsg/servers/slapd/overlays/auditlog.c 2015-12-02
> 11:08:24.331146770 +0000
> @@ -121,6 121,7 @@
>
> peername = op->o_conn->c_peer_name;
> ldap_pvt_thread_mutex_lock(&ad->ad_mutex);
> + umask(027);
> if((f = fopen(ad->ad_logfile, "a")) == NULL) {
> ldap_pvt_thread_mutex_unlock(&ad->ad_mutex);
> return SLAP_CB_CONTINUE;

The patch is unacceptable; umask() is process-wide and persistent. No slapd code should be overriding any umask that may have been set when slapd was launched.
The correct fix for this is to set the desired umask in whatever startup script you use to start slapd. Closing this ITS.

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
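Review bot: the added `umask(027)` line changes a process-wide attribute that stays in effect after this function returns and after `ad->ad_mutex` is released, so every file slapd creates afterwards, from any thread, gets the tightened mode, and whatever umask the administrator set when launching slapd is silently overridden. If the overlay itself must guarantee the log file's mode, pass an explicit mode at creation instead of touching the umask, e.g. replace the `fopen(ad->ad_logfile, "a")` call with `int fd = open(ad->ad_logfile, O_WRONLY|O_CREAT|O_APPEND, 0640);` followed by `f = fdopen(fd, "a");` (with `<fcntl.h>` included), which keeps the file no more permissive than 0640 without affecting other files; note that neither approach changes the mode of a log file that already exists. Separately, the hunk header as quoted here reads `@@ -121,6 121,7 @@` and is missing the `+` before the new range, so the patch will not apply in this form.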
