[GRASS5] files stored in /tmp/ from init.sh

Hi,

re. GRASS Bug # 2877 (Debian Bug # 287651)
    Insecure use of the '/tmp/' directory.

I'm getting through the instances; pretty much done actually.
g.tempfile didn't have to change.

There's one that goes deeper than I want to mess with, ie the locking
mechanism..

/tmp/grass6-$USER-$GIS_LOCK/gisrc

referenced by

lib/init/init.sh
lib/gis/unix_socks.c

(changing this might mean lib/gis/win32_pipes.c needs to be changed too)

The "/tmp/grass6-$USER-$GIS_LOCK/gisrc" file is predictable, leaving the
system open to symlink attacks...

can someone who understands the internals look into this please?

thanks,
Hamish

Hamish wrote:

> re. GRASS Bug # 2877 (Debian Bug # 287651)
>     Insecure use of the '/tmp/' directory.
>
> I'm getting through the instances; pretty much done actually.
> g.tempfile didn't have to change.
>
> There's one that goes deeper than I want to mess with, ie the locking
> mechanism..
>
> /tmp/grass6-$USER-$GIS_LOCK/gisrc
>
> referenced by
>
> lib/init/init.sh
> lib/gis/unix_socks.c
>
> (changing this might mean lib/gis/win32_pipes.c needs to be changed too)
>
> The "/tmp/grass6-$USER-$GIS_LOCK/gisrc" file is predictable, leaving the
> system open to symlink attacks...
>
> can someone who understands the internals look into this please?

The startup should create the /tmp/grass6-$USER-$GIS_LOCK directory
such that it is only accessible to the current user. If the directory
already exists, the startup should abort.

If no-one else can write to that directory, it doesn't matter how
files are created within it.

--
Glynn Clements <glynn@gclements.plus.com>

> > There's one that goes deeper than I want to mess with, ie the locking
> > mechanism..
> >
> > /tmp/grass6-$USER-$GIS_LOCK/gisrc

...

> The startup should create the /tmp/grass6-$USER-$GIS_LOCK directory
> such that it is only accessible to the current user. If the directory
> already exists, the startup should abort.
>
> If no-one else can write to that directory, it doesn't matter how
> files are created within it.

Right; thanks.

Hamish

Glynn Clements wrote:

> > re. GRASS Bug # 2877 (Debian Bug # 287651)
> > Insecure use of the '/tmp/' directory.
> >
> > I'm getting through the instances; pretty much done actually.
> > g.tempfile didn't have to change.
> >
> > There's one that goes deeper than I want to mess with, ie the locking
> > mechanism..
> >
> > /tmp/grass6-$USER-$GIS_LOCK/gisrc
> >
> > referenced by
> >
> > lib/init/init.sh
> > lib/gis/unix_socks.c
> >
> > (changing this might mean lib/gis/win32_pipes.c needs to be changed too)
> >
> > The "/tmp/grass6-$USER-$GIS_LOCK/gisrc" file is predictable, leaving the
> > system open to symlink attacks...
> >
> > can someone who understands the internals look into this please?
>
> The startup should create the /tmp/grass6-$USER-$GIS_LOCK directory
> such that it is only accessible to the current user. If the directory
> already exists, the startup should abort.

Clarification: by "should", I mean that it ought to work this way; I
don't think that it does at present.

--
Glynn Clements <glynn@gclements.plus.com>

> > The "/tmp/grass6-$USER-$GIS_LOCK/gisrc" file is predictable,
> > leaving the system open to symlink attacks...
> >
> > can someone who understands the internals look into this please?
>
> The startup should create the /tmp/grass6-$USER-$GIS_LOCK directory
> such that it is only accessible to the current user. If the
> directory already exists, the startup should abort.

> Clarification: by "should", I mean that it ought to work this way; I
> don't think that it does at present.

It does as of now:

tmp=/tmp/grass6-$USER-$GIS_LOCK
(umask 077 && mkdir "$tmp") || {
    echo "Cannot create temporary directory! Exiting." 1>&2
    exit 1
}
GISRC="$tmp/gisrc"
export GISRC

Hamish
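
Added example, not part of the original thread and not GRASS's own init.sh code: the "create privately, abort if it already exists" rule discussed above, exercised against a fresh path, an already existing directory, and a pre-planted symlink. The helper names make_session_dir and demo, the "alice" paths, and the scratch directory standing in for /tmp are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; make_session_dir and demo are hypothetical helpers.

make_session_dir() {
    dir=$1
    # mkdir without -p fails on ANY existing entry at $dir, including a
    # live or dangling symlink, so a path planted by someone else is
    # never reused. The subshell keeps umask 077 from leaking out.
    (umask 077 && mkdir "$dir") 2>/dev/null || return 1
    # Verify before trusting: a real directory, not a symlink,
    # with mode exactly rwx------.
    [ -d "$dir" ] && [ ! -L "$dir" ] || return 2
    case $(ls -ld "$dir") in
        drwx------*) return 0 ;;
        *)           return 2 ;;
    esac
}

# Constructed scenario in a scratch directory standing in for /tmp.
# Prints the exit status for: fresh path, reused path, planted symlink.
demo() {
    base=$(mktemp -d) || return 1
    fresh=0
    reuse=0
    planted=0
    make_session_dir "$base/grass6-alice-1001" || fresh=$?
    make_session_dir "$base/grass6-alice-1001" || reuse=$?
    # Simulate a path that was created ahead of startup as a symlink.
    mkdir "$base/elsewhere"
    ln -s "$base/elsewhere" "$base/grass6-alice-1002"
    make_session_dir "$base/grass6-alice-1002" || planted=$?
    rm -rf "$base"
    echo "$fresh $reuse $planted"
}

demo
```

A non-zero status is the "startup should abort" case: the caller exits instead of setting GISRC inside a directory it did not create itself.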