From patchwork Wed Feb 15 12:32:23 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vasiliy Kulikov X-Patchwork-Id: 141314 X-Patchwork-Delegate: shemminger@vyatta.com Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 7F8F91007D5 for ; Wed, 15 Feb 2012 23:37:21 +1100 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1758138Ab2BOMhQ (ORCPT ); Wed, 15 Feb 2012 07:37:16 -0500 Received: from mail-bk0-f46.google.com ([209.85.214.46]:55017 "EHLO mail-bk0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1758036Ab2BOMhO (ORCPT ); Wed, 15 Feb 2012 07:37:14 -0500 Received: by bkcjm19 with SMTP id jm19so869879bkc.19 for ; Wed, 15 Feb 2012 04:37:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=sender:date:from:to:cc:subject:message-id:mime-version:content-type :content-disposition:user-agent; bh=waLuP5xB2HsKykfUCu3EkH/LP/x3AsxIA5VE2W0t+2Q=; b=MqBWkGZd6ehzMTkV7lEBgu0hKNV3+rv9jbKE5auJG4i2WJBomY4m3djGeXSB6CZ/Y9 UJ2P4C21XDZb4sIETN8Bl3KTE82PGG59RIndQ+O9X3z7IvaPSphFbsr7gJ5PRRgG0eLi LRh5/k44lck5WL44F9gnev1GwJu6xajhHg0FY= Received: by 10.204.129.200 with SMTP id p8mr11483171bks.114.1329309432545; Wed, 15 Feb 2012 04:37:12 -0800 (PST) Received: from localhost (ppp83-237-27-23.pppoe.mtu-net.ru. [83.237.27.23]) by mx.google.com with ESMTPS id o7sm6244854bkw.16.2012.02.15.04.37.09 (version=TLSv1/SSLv3 cipher=OTHER); Wed, 15 Feb 2012 04:37:11 -0800 (PST) Date: Wed, 15 Feb 2012 16:32:23 +0400 From: Vasiliy Kulikov To: netdev@vger.kernel.org, security@kernel.org, shemminger@osdl.org, kuznet@ms2.inr.ac.ru Cc: Solar Designer Subject: [patch] iproute: fix dangerous /tmp/ handling Message-ID: <20120215123223.GA14094@albatros> MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.5.20 (2009-06-14) Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Using "/tmp/file" without checking file owner is dangerous. It could be a symlink pointing to user's file. If one creates such symlink and makes victim do "./configure", gcc executed with UID=victim would compile attacker's source file into arbitrary location (e.g. into ~victim/bin/). Instead use a directory created with mktemp and handle all temporary files in this directory only. The same with dhcp-client-script sample script. Signed-off-by: Vasiliy Kulikov --- configure | 34 +++++++++++++++++++--------------- examples/dhcp-client-script | 2 +- 2 files changed, 20 insertions(+), 16 deletions(-) -- diff -uNp -r iproute2-3.2.0.old/configure iproute2-3.2.0/configure --- iproute2-3.2.0.old/configure 2012-01-05 16:34:31 +0000 +++ iproute2-3.2.0/configure 2012-02-15 12:29:16 +0000 @@ -3,9 +3,13 @@ # INCLUDE=${1:-"$PWD/include"} +TMPDIR="`mktemp -dt iproute.XXXXXXXXXX`" || exit +trap 'rm -rf -- "$TMPDIR"' EXIT +trap 'trap - EXIT; rm -rf -- "$TMPDIR"; exit 1' HUP INT QUIT TERM + check_atm() { -cat >/tmp/atmtest.c <$TMPDIR/atmtest.c < int main(int argc, char **argv) { struct atm_qos qos; @@ -13,7 +17,7 @@ int main(int argc, char **argv) { return 0; } EOF -gcc -I$INCLUDE -o /tmp/atmtest /tmp/atmtest.c -latm >/dev/null 2>&1 +gcc -I$INCLUDE -o $TMPDIR/atmtest $TMPDIR/atmtest.c -latm >/dev/null 2>&1 if [ $? -eq 0 ] then echo "TC_CONFIG_ATM:=y" >>Config @@ -21,13 +25,13 @@ then else echo no fi -rm -f /tmp/atmtest.c /tmp/atmtest +rm -f $TMPDIR/atmtest.c $TMPDIR/atmtest } check_xt() { #check if we have xtables from iptables >= 1.4.5. -cat >/tmp/ipttest.c <$TMPDIR/ipttest.c < #include static struct xtables_globals test_globals = { @@ -47,12 +51,12 @@ int main(int argc, char **argv) EOF -if gcc -I$INCLUDE $IPTC -o /tmp/ipttest /tmp/ipttest.c $IPTL $(pkg-config xtables --cflags --libs) -ldl >/dev/null 2>&1 +if gcc -I$INCLUDE $IPTC -o $TMPDIR/ipttest $TMPDIR/ipttest.c $IPTL $(pkg-config xtables --cflags --libs) -ldl >/dev/null 2>&1 then echo "TC_CONFIG_XT:=y" >>Config echo "using xtables" fi -rm -f /tmp/ipttest.c /tmp/ipttest +rm -f $TMPDIR/ipttest.c $TMPDIR/ipttest } check_xt_old() @@ -64,7 +68,7 @@ then fi #check if we dont need our internal header .. -cat >/tmp/ipttest.c <$TMPDIR/ipttest.c < char *lib_dir; unsigned int global_option_offset = 0; @@ -84,14 +88,14 @@ int main(int argc, char **argv) { } EOF -gcc -I$INCLUDE $IPTC -o /tmp/ipttest /tmp/ipttest.c $IPTL -ldl >/dev/null 2>&1 +gcc -I$INCLUDE $IPTC -o $TMPDIR/ipttest $TMPDIR/ipttest.c $IPTL -ldl >/dev/null 2>&1 if [ $? -eq 0 ] then echo "TC_CONFIG_XT_OLD:=y" >>Config echo "using old xtables (no need for xt-internal.h)" fi -rm -f /tmp/ipttest.c /tmp/ipttest +rm -f $TMPDIR/ipttest.c $TMPDIR/ipttest } check_xt_old_internal_h() @@ -103,7 +107,7 @@ then fi #check if we need our own internal.h -cat >/tmp/ipttest.c <$TMPDIR/ipttest.c < #include "xt-internal.h" char *lib_dir; @@ -124,14 +128,14 @@ int main(int argc, char **argv) { } EOF -gcc -I$INCLUDE $IPTC -o /tmp/ipttest /tmp/ipttest.c $IPTL -ldl >/dev/null 2>&1 +gcc -I$INCLUDE $IPTC -o $TMPDIR/ipttest $TMPDIR/ipttest.c $IPTL -ldl >/dev/null 2>&1 if [ $? -eq 0 ] then echo "using old xtables with xt-internal.h" echo "TC_CONFIG_XT_OLD_H:=y" >>Config fi -rm -f /tmp/ipttest.c /tmp/ipttest +rm -f $TMPDIR/ipttest.c $TMPDIR/ipttest } check_ipt() @@ -160,7 +164,7 @@ check_ipt_lib_dir() check_setns() { -cat >/tmp/setnstest.c <$TMPDIR/setnstest.c < int main(int argc, char **argv) { @@ -168,7 +172,7 @@ int main(int argc, char **argv) return 0; } EOF -gcc -I$INCLUDE -o /tmp/setnstest /tmp/setnstest.c >/dev/null 2>&1 +gcc -I$INCLUDE -o $TMPDIR/setnstest $TMPDIR/setnstest.c >/dev/null 2>&1 if [ $? -eq 0 ] then echo "IP_CONFIG_SETNS:=y" >>Config @@ -176,7 +180,7 @@ then else echo "no" fi -rm -f /tmp/setnstest.c /tmp/setnstest +rm -f $TMPDIR/setnstest.c $TMPDIR/setnstest } echo "# Generated config based on" $INCLUDE >Config diff -uNp -r iproute2-3.2.0.old/examples/dhcp-client-script iproute2-3.2.0/examples/dhcp-client-script --- iproute2-3.2.0.old/examples/dhcp-client-script 2012-01-05 16:34:31 +0000 +++ iproute2-3.2.0/examples/dhcp-client-script 2012-02-15 12:29:37 +0000 @@ -14,7 +14,7 @@ # we should install and preserve. # -exec >> /tmp/DHS.log 2>&1 +exec >> /var/log/DHS.log 2>&1 echo dhc-script $* reason=$reason set | grep "^\(old_\|new_\|check_\)"