[GRASS5] [bug #2961] (grass) lib/gis/unix_socks.c fails unless $TMPDIR is /tmp

this bug's URL: http://intevation.de/rt/webrt?serial_num=2961
-------------------------------------------------------------------------

Subject: lib/gis/unix_socks.c fails unless $TMPDIR is /tmp

Platform: GNU/Linux/i386
grass obtained from: CVS
grass binary for platform: Compiled from Sources
GRASS Version: 5.7-cvs-feb05

Hi,

I just did a little audit and I think my recenct security fix to init.sh introduced a bug. I'd like to fix it ASAP - if not I'll remove the $TMPDIR capability and revert to always using /tmp (maybe in the next 24 hours).

The bug is this:

init.sh now uses $TMPDIR (if it exists) to place the temporary session files in. If $TMPDIR doesn't exist it uses /tmp. Now lib/gis/unix_socks.c has "/tmp" hardcoded and I don't know how to do the 'if(! $TMPDIR) then "/tmp"' test in C.

It might still work, but would leave files scattered about, reintroduce the security issues, etc..

Can someone show me how to do this?

unix_socks.c:
http://freegis.org/cgi-bin/viewcvs.cgi/grass51/lib/gis/unix_socks.c?rev=HEAD&content-type=text/vnd.viewcvs-markup

Also lib/gis/win32_pipes.c always uses "c:/grass-" as a prefix. I'm not sure if this should match what is set as the temporary session directory by init.sh?? I'd prefer that to adding platform heuristics to init.sh.

thanks,
Hamish

-------------------------------------------- Managed by Request Tracker

I just did a little audit and I think my recenct security fix to init.sh
introduced a bug. I'd like to fix it ASAP - if not I'll remove the $TMPDIR
capability and revert to always using /tmp (maybe in the next 24 hours).

The bug is this:

init.sh now uses $TMPDIR (if it exists) to place the temporary session
files in. If $TMPDIR doesn't exist it uses /tmp. Now lib/gis/unix_socks.c
has "/tmp" hardcoded and I don't know how to do the 'if(! $TMPDIR) then
"/tmp"' test in C.

getenv(3) gets you the value of a shell variable from the surrounding
context, and returns NULL if the variable you're looking for isn't defined
there.

-- Mark

Mark P. Line
Polymathix
San Antonio, TX

On Thu, 3 Feb 2005, Request Tracker wrote:

I just did a little audit and I think my recenct security fix to init.sh introduced a bug. I'd like to fix it ASAP - if not I'll remove the $TMPDIR capability and revert to always using /tmp (maybe in the next 24 hours).

The bug is this:

init.sh now uses $TMPDIR (if it exists) to place the temporary session files in. If $TMPDIR doesn't exist it uses /tmp. Now lib/gis/unix_socks.c has "/tmp" hardcoded and I don't know how to do the 'if(! $TMPDIR) then "/tmp"' test in C.

It might still work, but would leave files scattered about, reintroduce the security issues, etc..

Can someone show me how to do this?

I haven't looked at any of the source files but what about a GRASS variable TMPDIR that would contain either the system TMPDIR or /tmp depending on the checks at startup. Then in the C file you could access it as G_getenv("TMPDIR") or something and you wouldn't have to repeat the logic checking if TMPDIR is set.

> I just did a little audit and I think my recenct security fix to
> init.sh introduced a bug. I'd like to fix it ASAP - if not I'll
> remove the $TMPDIR capability and revert to always using /tmp (maybe
> in the next 24 hours).
>
> The bug is this:
>
> init.sh now uses $TMPDIR (if it exists) to place the temporary
> session files in. If $TMPDIR doesn't exist it uses /tmp. Now
> lib/gis/unix_socks.c has "/tmp" hardcoded and I don't know how to do
> the 'if(! $TMPDIR) then "/tmp"' test in C.
>
> It might still work, but would leave files scattered about,
> reintroduce the security issues, etc..
>

[so I changed it back to hardcoded "/tmp" for now]

I haven't looked at any of the source files but what about a GRASS
variable TMPDIR that would contain either the system TMPDIR or /tmp
depending on the checks at startup. Then in the C file you could
access it as G_getenv("TMPDIR") or something and you wouldn't have to
repeat the logic checking if TMPDIR is set.

Seems a bit redunant.. it is only queried by unix_socks.c|win32_pipes.c
so it is just one check to add. I would think that this is not a GRASS
variable you really want to have changed after startup, and leaving it
in the g.gisenv list begs for it to be changed. Sure the user can change
the shell variable too, but it isn't as visible as something to fiddle
with.

?

Hamish

Request Tracker wrote:

I just did a little audit and I think my recenct security fix to
init.sh introduced a bug. I'd like to fix it ASAP - if not I'll remove
the $TMPDIR capability and revert to always using /tmp (maybe in the
next 24 hours).

The bug is this:

init.sh now uses $TMPDIR (if it exists) to place the temporary session
files in. If $TMPDIR doesn't exist it uses /tmp. Now
lib/gis/unix_socks.c has "/tmp" hardcoded and I don't know how to do
the 'if(! $TMPDIR) then "/tmp"' test in C.

unix_socks.c should always use /tmp; using $TMPDIR (which is typically
a subdirectory of $HOME) might exceed the limit for a Unix-domain
socket.

--
Glynn Clements <glynn@gclements.plus.com>

> I just did a little audit and I think my recenct security fix to
> init.sh introduced a bug. I'd like to fix it ASAP - if not I'll
> remove the $TMPDIR capability and revert to always using /tmp (maybe
> in the next 24 hours).
>
> The bug is this:
>
> init.sh now uses $TMPDIR (if it exists) to place the temporary
> session files in. If $TMPDIR doesn't exist it uses /tmp. Now
> lib/gis/unix_socks.c has "/tmp" hardcoded and I don't know how to do
> the 'if(! $TMPDIR) then "/tmp"' test in C.

unix_socks.c should always use /tmp; using $TMPDIR (which is typically
a subdirectory of $HOME) might exceed the limit for a Unix-domain
socket.

Ok, in that case init.sh & socks/pipes will always be /tmp and ignore
any $TMPDIR.

I think the test-compiles do honor $TMPDIR already and that this is ok?

Hamish