fix possible information leak vulnerability when doing a merge of configuration files...
authorMike Frysinger <vapier@gentoo.org>
Mon, 24 Sep 2007 07:09:41 +0000 (07:09 -0000)
committerMike Frysinger <vapier@gentoo.org>
Mon, 24 Sep 2007 07:09:41 +0000 (07:09 -0000)
svn path=/main/trunk/; revision=7799

bin/etc-update

index 0a6a79e9cc1c41184a4da6b5515dbad9bf82003f..26818567600ffafe925d8f8d52d6a66ac664e862 100755 (executable)
@@ -367,18 +367,26 @@ Please select from the menu above (-1 to ignore this update): "
 }
 
 function do_merge() {
+       # make sure we keep the merged file in the secure tempdir
+       # so we dont leak any information contained in said file
+       # (think of case where the file has 0600 perms; during the
+       # merging process, the temp file gets umask perms!)
 
        local file="${1}"
        local ofile="${2}"
-       local mfile="${2}.merged"
+       local mfile="${TMP}/${2}.merged"
        local -i my_input=0
        echo "${file} ${ofile} ${mfile}"
 
-       if [ -e ${mfile} ] ; then
+       if [[ -e ${mfile} ]] ; then
                echo "A previous version of the merged file exists, cleaning..."
-               rm ${rm_opts} ${mfile}
+               rm ${rm_opts} "${mfile}"
        fi
 
+       # since mfile will be like $TMP/path/to/original-file.merged, we
+       # need to make sure the full /path/to/ exists ahead of time
+       mkdir -p "${mfile%/*}"
+
        until (( ${my_input} == -1 )); do
                echo "Merging ${file} and ${ofile}"
                $(echo "${merge_command}" |
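Review bot: The new `mkdir -p "${mfile%/*}"` is not checked, unlike the `mkdir "${TMP}" || die ...` used for the temp dir itself elsewhere in this commit. If it fails, the merge command has nowhere to write its output and the menu is then offered for a merged file that does not exist. I would write `mkdir -p "${mfile%/*}" || die "failed to create merge dir" 1`. The comment above it could also say that these intermediate directories are created with umask permissions and are protected only by the 0700 mode on `${TMP}`. The `until` loop of do_merge continues past the end of this hunk.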
@@ -402,8 +410,8 @@ Please select from the menu above (-1 to exit, losing this merge): "
                                       chown "$(stat -f %Su:%Sg "${ofile}")" "${mfile}"
                                       chmod $(stat -f %Mp%Lp "${ofile}") "${mfile}"
                                   fi
-                                  mv ${mv_opts} ${mfile} ${ofile}
-                                  rm ${rm_opts} ${file}
+                                  mv ${mv_opts} "${mfile}" "${ofile}"
+                                  rm ${rm_opts} "${file}"
                                   return 255
                                   ;;
                                2) ( echo "Showing differences between ${ofile} and ${mfile}"
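Review bot: With `mfile` now under `${TMP}`, the `mv ${mv_opts} "${mfile}" "${ofile}"` here is no longer a rename inside one directory. If `PORTAGE_TMPDIR` is on a different filesystem from the config file (likely, though not visible here), `mv` falls back to copy-and-delete, so an interrupted run can leave a partially written `${ofile}`. The exit status of `mv` is also unchecked, so `rm ${rm_opts} "${file}"` discards the pending update even when the move failed; chaining them as `mv ${mv_opts} "${mfile}" "${ofile}" && rm ${rm_opts} "${file}"` avoids that. The case arm this belongs to starts outside the hunk.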
@@ -417,7 +425,7 @@ Please select from the menu above (-1 to exit, losing this merge): "
                                4) ${EDITOR:-nano -w} "${mfile}"
                                   continue
                                         ;;
-                               5) rm ${rm_opts} ${mfile}
+                               5) rm ${rm_opts} "${mfile}"
                                   return 0
                                   ;;
                                *) continue
@@ -425,7 +433,7 @@ Please select from the menu above (-1 to exit, losing this merge): "
                        esac
                done
        done
-       rm ${rm_opts} ${mfile}
+       rm ${rm_opts} "${mfile}"
        return 255
 }
 
@@ -439,7 +447,7 @@ function die() {
                [ ${count} -gt 0 ] && echo "NOTE: ${count} updates remaining"
        fi
 
-       rm -rf ${TMP}
+       rm -rf "${TMP}"
        exit ${2}
 }
 
@@ -461,9 +469,12 @@ export PORTAGE_TMPDIR
 #echo $CONFIG_PROTECT_MASK
 #export PORTAGE_TMPDIR=$(/usr/lib/portage/bin/portageq envvar PORTAGE_TMPDIR)
 
-TMP="${PORTAGE_TMPDIR}/$$"
-rm -rf ${TMP} 2> /dev/null
-mkdir ${TMP} || die "failed mkdir command!" 1
+TMP="${PORTAGE_TMPDIR}/etc-update-$$"
+rm -rf "${TMP}" 2> /dev/null
+mkdir "${TMP}" || die "failed to create temp dir" 1
+# make sure we have a secure directory to work in
+chmod 0700 "${TMP}" || die "failed to set perms on temp dir" 1
+chown ${UID:-0}:${GID:-0} "${TMP}" || die "failed to set ownership on temp dir" 1
 
 # I need the CONFIG_PROTECT value
 #CONFIG_PROTECT=$(/usr/lib/portage/bin/portageq envvar CONFIG_PROTECT)
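Review bot: `mkdir "${TMP}"` creates the directory with umask permissions and the `chmod 0700` only tightens it on a later line, so there is a short window in which the work directory is not private, and the name `etc-update-$$` is predictable in a directory that is usually shared. Creating it restricted in one step closes the window: `mkdir -m 0700 "${TMP}" || die "failed to create temp dir" 1`, or `TMP=$(mktemp -d "${PORTAGE_TMPDIR}/etc-update.XXXXXX")` to get an unpredictable name as well. In the `chown` line, bash sets `UID` but not `GID`, so `${GID:-0}` comes from the environment or falls back to 0, and the expansion is unquoted; `chown "${UID:-0}:${GID:-0}" "${TMP}"` with a comment on where `GID` is expected to come from would be clearer.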