I'm not sure what the original intent of the change was and I don't
understand the commit message (below).
It seems like the second !S_ISDIR check is both unnecessary and
backwards... Thomas?
(Also I think we should probably still create tmux-%u under TMUX_TMPDIR,
so that is wrong too. Otherwise it is not secure if TMUX_TMPDIR is
shared.)
revision 1.123
date: 2013/10/10 12:03:22; author: nicm; state: Exp; lines: +5 -3;
Don't treat TMUX_TMPDIR as a potential file
The point of setting TMUX_TMPDIR is to then make any labels from -L go
to that directory. In the case of makesocketpath() with no TMUX_TMPDIR
set, it would set both the path and the default socket to a file. The
checking of the permissions on the file worked fine in that case, but
when TMUX_TMPDIR is set, it won't work on a directory.
This fixes the problem by ensuring the check on the permissions is
performed on directories only.
By Thomas Adam.
On Mon, Jan 19, 2015 at 01:11:50AM +0500, Dmitri Paduchikh wrote:
> Hello,
>
> I am afraid that my first message wasn't clear. Not from a first look at
> least. Sorry about that. Let me elaborate, I think it is probably a
> security bug. makesocketpath() checks !S_ISDIR(sb.st_mode); when true it
> returns with error. But then it checks !S_ISDIR(sb.st_mode) a second
> time and it is definitely false at this point:
>
>     if (sb.st_uid != uid || (!S_ISDIR(sb.st_mode) &&
>         sb.st_mode & (S_IRWXG|S_IRWXO)) != 0) {
>         errno = EACCES;
>         return (NULL);
>     }
>
> Being false it effectively disables the permission check. Hence, for
> example, a world-writable directory will pass.
>
_______________________________________________
tmux-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/tmux-users