[Bug 445105] Re: uses unsafe /tmp files
This bug was fixed in the package eucalyptus - 1.6~bzr931-0ubuntu4 --- eucalyptus (1.6~bzr931-0ubuntu4) karmic; urgency=low [ Kees Cook ] * Fix unsafe /tmp file uses (LP: #445105): - tools/detach.pl: remove debugging XML dump call. - node/handlers_xen.c: use mkstemp(). [ Mathias Gug ] * debian/eucalyptus-common.eucalyptus.upstart: Start eucalyptus-cloud with all the relevant options (LP: #452665). [ Dustin Kirkland ] * cluster/handlers.c, net/vnetwork.c: label the 169.254.169.254 link local address with :metadata, the public vm ip addresses with :pub, and the private vm ip addresses with :priv, to separate it appropriately (LP: #452754) * debian/eucalyptus-ipaddr.conf: and now that we're separating the weird addresses to their own labels, we can show just the device label, much cleaner output, (LP: #451607) * debian/copyright: Eucalyptus licensed 1.6 under the GPLv3, update our copyright file accordingly, (LP: #453129) * debian/control, debian/eucalyptus-java-common.links: the CLC absolutely needs the ecj.jar installed and linked for euca-* and ec2-* API calls to work (LP: #453177) -- Dustin Kirkland kirkl...@ubuntu.com Fri, 16 Oct 2009 13:28:32 -0500 ** Changed in: eucalyptus (Ubuntu Karmic) Status: Fix Committed = Fix Released -- uses unsafe /tmp files https://bugs.launchpad.net/bugs/445105 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to eucalyptus in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 445105] Re: uses unsafe /tmp files
Greetings,
We've analyzed the points in the source tree that are referenced, and
have found that none of them are actually exercised in a Karmic default
eucalyptus running system. More detail on each follows:
GLclient is a testing utility that doesn't get installed by the package (or a
'make install' for that matter)
./gatherlog/GLclient.c: env = axutil_env_create_all(/tmp/fooh,
AXIS2_LOG_LEVEL_TRACE);
install-sh is only used for building eucalyptus
./install-sh:tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
the function in 'storage.c' that uses these files is only used by 'test.c' in
'storage/', which is a utility that is never installed
./storage/storage.c:#define F1 /tmp/improbable-cache-file-1
./storage/storage.c:#define F2 /tmp/improbable-cache-file-2
./storage/storage.c:#define F3 /tmp/improbable-cache-file-3
./storage/storage.c:#define F4 /tmp/improbable-cache-file-4
./storage/storage.c:#define F5 /tmp/improbable-cache-file-5
./storage/storage.c:#define RM_CMD rm -rf /tmp/improbable-cache-file-?
CCclient is a debugging utility that is not installed
./cluster/CCclient.c: env = axutil_env_create_all(/tmp/fofo,
AXIS2_LOG_LEVEL_TRACE);
These two are never used for Karmic by default (which uses the handlers_kvm.c),
unless a user installs Xen on their node controllers. The first can be
entirely removed (is just there for debugging). The second is actually, I
believe, as unpredictable or more so than a file created with mktemp().
Eucalyptus instanceIds are random unique ids of 8 hex characters (i-ABCDEFGH
where A-H are hex values).
./tools/detach.pl:system(cp $virshxmlfile /tmp/wtf);
./node/handlers_xen.c: snprintf(filename, 1024, /tmp/consoleOutput.%s,
instanceId);
The httpd*.conf that ends up actually being used has this value set to '/'
instead of '/tmp'. The init script(s) actually replace this with '/'.
./debian/patches/var_lib_eucalyptus.diff: HTTPD_HOME=/tmp/
./tools/httpd.conf:ServerRoot /tmp
This tool is never installed.
./tools/euca_watchdog.pl:our $chkpt_file = /tmp/euca_watchdog.checkpoint;
--
uses unsafe /tmp files
https://bugs.launchpad.net/bugs/445105
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to eucalyptus in ubuntu.
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 445105] Re: uses unsafe /tmp files
That's great news, Dan. Could you commit a single revision that cleans these up? I'll merge into our tree and upload immediately... :-Dustin -- uses unsafe /tmp files https://bugs.launchpad.net/bugs/445105 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to eucalyptus in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 445105] Re: uses unsafe /tmp files
On Thu, Oct 15, 2009 at 06:01:44PM -, Daniel Nurmi wrote:
We've analyzed the points in the source tree that are referenced, and
have found that none of them are actually exercised in a Karmic default
eucalyptus running system. More detail on each follows:
Excellent, the bulk of these can be ignored then. :)
These two are never used for Karmic by default (which uses the
handlers_kvm.c), unless a user installs Xen on their node controllers. The
first can be entirely removed (is just there for debugging). The second is
actually, I believe, as unpredictable or more so than a file created with
mktemp(). Eucalyptus instanceIds are random unique ids of 8 hex characters
(i-ABCDEFGH where A-H are hex values).
./tools/detach.pl:system(cp $virshxmlfile /tmp/wtf);
Yeah, this line should just be removed.
./node/handlers_xen.c: snprintf(filename, 1024,
/tmp/consoleOutput.%s, instanceId);
Would it make sense to use some other location instead of /tmp? While
it's not predictable, the file isn't handled safely on creation. At the
least, I would recommend adding O_EXCL to the flags. This may require
an unlink() call to blow away old files, but that's symlink-attack safe.
With the O_EXCL, worst case is a DoS on the console output.
Speaking of that code, I noticed this on the side that waits for the file
to appear:
while(count 1 stat(filename, statbuf) 0) {count++;}
fd = open(filename, O_RDONLY);
That loop is going to go by _very_ quickly. e.g. on my system, that takes
0.017 seconds to execute. I would recommend (not for security, but for
possible race bugs) that you use nanosleep() and time() for choosing an
actual timeout to wait with. :)
Thanks for checking!
-Kees
--
Kees Cook
Ubuntu Security Team
--
uses unsafe /tmp files
https://bugs.launchpad.net/bugs/445105
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to eucalyptus in ubuntu.
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 445105] Re: uses unsafe /tmp files
** Changed in: eucalyptus (Ubuntu Karmic) Assignee: Thierry Carrez (ttx) = Kees Cook (kees) ** Changed in: eucalyptus (Ubuntu Karmic) Status: Triaged = In Progress -- uses unsafe /tmp files https://bugs.launchpad.net/bugs/445105 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to eucalyptus in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 445105] Re: uses unsafe /tmp files
** Branch linked: lp:~ubuntu-core-dev/eucalyptus/ubuntu -- uses unsafe /tmp files https://bugs.launchpad.net/bugs/445105 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to eucalyptus in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 445105] Re: uses unsafe /tmp files
http://bazaar.launchpad.net/~ubuntu-core- dev/eucalyptus/ubuntu/revision/697?remember=695compare_revid=695 ** Changed in: eucalyptus (Ubuntu Karmic) Status: In Progress = Fix Committed -- uses unsafe /tmp files https://bugs.launchpad.net/bugs/445105 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to eucalyptus in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 445105] Re: uses unsafe /tmp files
** Changed in: eucalyptus (Ubuntu Karmic) Assignee: Kees Cook (kees) = Dustin Kirkland (kirkland) -- uses unsafe /tmp files https://bugs.launchpad.net/bugs/445105 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to eucalyptus in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 445105] Re: uses unsafe /tmp files
** Tags added: eucalyptus -- uses unsafe /tmp files https://bugs.launchpad.net/bugs/445105 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to eucalyptus in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 445105] Re: uses unsafe /tmp files
** Changed in: eucalyptus (Ubuntu Karmic) Assignee: (unassigned) = Thierry Carrez (ttx) -- uses unsafe /tmp files https://bugs.launchpad.net/bugs/445105 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to eucalyptus in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 445105] Re: uses unsafe /tmp files
** Also affects: eucalyptus (Ubuntu Karmic) Importance: High Status: Triaged ** Visibility changed to: Public ** Changed in: eucalyptus (Ubuntu Karmic) Milestone: None = ubuntu-9.10 -- uses unsafe /tmp files https://bugs.launchpad.net/bugs/445105 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to eucalyptus in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
