NetBSD Problem Report #32804

From smb@cs.columbia.edu  Sun Feb 12 14:02:39 2006
Return-Path: <smb@cs.columbia.edu>
Received: from machshav.com (machshav.com [147.28.0.16])
	by narn.netbsd.org (Postfix) with ESMTP id 83BEB63B879
	for <gnats-bugs@gnats.NetBSD.org>; Sun, 12 Feb 2006 14:02:37 +0000 (UTC)
Message-Id: <20060212140235.E09D1BB03B@bigboy.machshav.com>
Date: Sun, 12 Feb 2006 09:02:35 -0500 (EST)
From: smb@cs.columbia.edu
Reply-To: smb@cs.columbia.edu
To: gnats-bugs@netbsd.org
Subject: minor security glitch in Xsession (xorg and xsrc)
X-Send-Pr-Version: 3.95

>Number:         32804
>Category:       pkg
>Synopsis:       there's a race condition setting log file permissions in Xsession
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    joerg
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Feb 12 14:05:00 +0000 2006
>Closed-Date:    Thu Oct 05 11:27:44 +0000 2006
>Last-Modified:  Thu Oct 05 11:27:44 +0000 2006
>Originator:     Steven M. Bellovin
>Release:        NetBSD 3.99.15
>Organization:
>Environment:


System: NetBSD bigboy.machshav.com 3.99.15 NetBSD 3.99.15 (BIGBOY) #0: Fri Feb 10 08:50:25 EST 2006 smb@bigboy.machshav.com:/usr/BUILD/obj/sys/arch/i386/compile/BIGBOY i386
Architecture: i386
Machine: i386
>Description:
	Near the start of Xsession -- both the pkgsrc and xsrc versions --
	there is the following code:

		if ( cp /dev/null "$errfile" 2> /dev/null )
		then
			chmod 600 "$errfile"

	an attacker who got in at just the right time could open the file
	for read before the chmod.
>How-To-Repeat:
	See above
>Fix:
	Delete the chmod and change the first line to

		if (umask 077 && cp /dev/null "$errfile" 2> /dev/null )

>Release-Note:

>Audit-Trail:
From: Christos Zoulas <christos@netbsd.org>
To: gnats-bugs@netbsd.org
Cc: 
Subject: PR/32804 CVS commit: xsrc/xfree/xc/programs/xdm/config
Date: Sun, 12 Feb 2006 16:20:10 +0000 (UTC)

 Module Name:	xsrc
 Committed By:	christos
 Date:		Sun Feb 12 16:20:10 UTC 2006

 Modified Files:
 	xsrc/xfree/xc/programs/xdm/config: Xsession

 Log Message:
 PR/32804: Steven M. Bellovin: Fix race condition setting log file permissions
 in Xsession


 To generate a diff of this commit:
 cvs rdiff -r1.2 -r1.3 xsrc/xfree/xc/programs/xdm/config/Xsession

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

Responsible-Changed-From-To: xsrc-manager->pending
Responsible-Changed-By: christos@netbsd.org
Responsible-Changed-When: Sun, 12 Feb 2006 11:38:10 -0500
Responsible-Changed-Why:
x.org needs fixing now.


Responsible-Changed-From-To: pending->joerg
Responsible-Changed-By: wiz@netbsd.org
Responsible-Changed-When: Sun, 12 Feb 2006 17:29:41 +0000
Responsible-Changed-Why:
For x.org.


From: Joerg Sonnenberger <joerg@netbsd.org>
To: gnats-bugs@netbsd.org
Cc: 
Subject: PR/32804 CVS commit: pkgsrc/x11
Date: Tue, 14 Feb 2006 16:10:40 +0000 (UTC)

 Module Name:	pkgsrc
 Committed By:	joerg
 Date:		Tue Feb 14 16:10:40 UTC 2006

 Modified Files:
 	pkgsrc/x11/xorg-clients: Makefile
 	pkgsrc/x11/xorg-libs: distinfo
 	pkgsrc/x11/xorg-libs/patches: patch-ax

 Log Message:
 Fix race condition in xdm's Xsession. From PR 32804.


 To generate a diff of this commit:
 cvs rdiff -r1.24 -r1.25 pkgsrc/x11/xorg-clients/Makefile
 cvs rdiff -r1.33 -r1.34 pkgsrc/x11/xorg-libs/distinfo
 cvs rdiff -r1.3 -r1.4 pkgsrc/x11/xorg-libs/patches/patch-ax

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

From: Lubomir Sedlacik <salo@netbsd.org>
To: gnats-bugs@netbsd.org
Cc: 
Subject: PR/32804 CVS commit: [pkgsrc-2005Q4] pkgsrc/x11
Date: Wed, 15 Feb 2006 15:45:17 +0000 (UTC)

 Module Name:	pkgsrc
 Committed By:	salo
 Date:		Wed Feb 15 15:45:17 UTC 2006

 Modified Files:
 	pkgsrc/x11/xorg-clients [pkgsrc-2005Q4]: Makefile
 	pkgsrc/x11/xorg-libs [pkgsrc-2005Q4]: distinfo
 Added Files:
 	pkgsrc/x11/xorg-libs/patches [pkgsrc-2005Q4]: patch-ax

 Log Message:
 Pullup ticket 1133 - requested by Joerg Sonnenberger
 fix race condition in xorg's Xsession

 Patch provided by the submitter.

    Module Name:		pkgsrc
    Committed By:	joerg
    Date:		Tue Feb 14 16:10:40 UTC 2006

    Modified Files:
    	pkgsrc/x11/xorg-clients: Makefile
    	pkgsrc/x11/xorg-libs: distinfo
    	pkgsrc/x11/xorg-libs/patches: patch-ax

    Log Message:
    Fix race condition in xdm's Xsession. From PR 32804.


 To generate a diff of this commit:
 cvs rdiff -r1.17 -r1.17.2.1 pkgsrc/x11/xorg-clients/Makefile
 cvs rdiff -r1.25 -r1.25.2.1 pkgsrc/x11/xorg-libs/distinfo
 cvs rdiff -r0 -r1.2.8.1 pkgsrc/x11/xorg-libs/patches/patch-ax

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->closed
State-Changed-By: joerg@netbsd.org
State-Changed-When: Mon, 20 Feb 2006 13:10:16 +0000
State-Changed-Why:
fixed in pkgsrc as well


State-Changed-From-To: closed->open
State-Changed-By: joerg@netbsd.org
State-Changed-When: Mon, 20 Feb 2006 13:46:22 +0000
State-Changed-Why:
Reopen until x11/XFree86 is investigated.


State-Changed-From-To: open->closed
State-Changed-By: joerg@netbsd.org
State-Changed-When: Thu, 05 Oct 2006 11:27:44 +0000
State-Changed-Why:
XFree86 is gone.


>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.