re. GRASS Bug # 2877 (Debian Bug # 287651)
Insecure use of the '/tmp/' directory.
I'm getting through the instances; pretty much done actually.
g.tempfile didn't have to change.
There's one that goes deeper than I want to mess with, ie the locking
mechanism..
/tmp/grass6-$USER-$GIS_LOCK/gisrc
referenced by
lib/init/init.sh
lib/gis/unix_socks.c
(changing this might mean lib/gis/win32_pipes.c needs to be changed too)
The "/tmp/grass6-$USER-$GIS_LOCK/gisrc" file is predictable, leaving the
system open to symlink attacks...
can someone who understands the internals look into this please?
The startup should create the /tmp/grass6-$USER-$GIS_LOCK directory
such that it is only accessible to the current user. If the directory
already exists, the startup should abort.
If no-one else can write to that directory, it doesn't matter how
files are created within it.
> There's one that goes deeper than I want to mess with, ie the locking
> mechanism..
>
> /tmp/grass6-$USER-$GIS_LOCK/gisrc
...
The startup should create the /tmp/grass6-$USER-$GIS_LOCK directory
such that it is only accessible to the current user. If the directory
already exists, the startup should abort.
If no-one else can write to that directory, it doesn't matter how
files are created within it.
> re. GRASS Bug # 2877 (Debian Bug # 287651)
> Insecure use of the '/tmp/' directory.
>
> I'm getting through the instances; pretty much done actually.
> g.tempfile didn't have to change.
>
>
> There's one that goes deeper than I want to mess with, ie the locking
> mechanism..
>
> /tmp/grass6-$USER-$GIS_LOCK/gisrc
>
> referenced by
>
> lib/init/init.sh
> lib/gis/unix_socks.c
>
> (changing this might mean lib/gis/win32_pipes.c needs to be changed too)
>
>
> The "/tmp/grass6-$USER-$GIS_LOCK/gisrc" file is predictable, leaving the
> system open to symlink attacks...
>
> can someone who understands the internals look into this please?
The startup should create the /tmp/grass6-$USER-$GIS_LOCK directory
such that it is only accessible to the current user. If the directory
already exists, the startup should abort.
Clarification: by "should", I mean that it ought to work this way; I
don't think that it does at present.
> > The "/tmp/grass6-$USER-$GIS_LOCK/gisrc" file is predictable,
> > leaving the system open to symlink attacks...
> >
> > can someone who understands the internals look into this please?
>
> The startup should create the /tmp/grass6-$USER-$GIS_LOCK directory
> such that it is only accessible to the current user. If the
> directory already exists, the startup should abort.
Clarification: by "should", I mean that it ought to work this way; I
don't think that it does at present.