[10236] in bugtraq
Re: FSA-99.04-IPFILTER-v3.2.10
daemon@ATHENA.MIT.EDU (Darren Reed)
Thu Apr 15 19:43:08 1999
Date: Fri, 16 Apr 1999 09:10:18 +1000
Reply-To: Darren Reed <avalon@COOMBS.ANU.EDU.AU>
From: Darren Reed <avalon@COOMBS.ANU.EDU.AU>
X-To: nick@SHIBUMI.FERALMONKEY.ORG
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.BSF.4.05.9904151743560.567-100000@shibumi.feralmonkey.org>
from "0x1c" at Apr 15, 99 05:56:02 pm
In some mail from 0x1c, sie said:
>
> The author (Darren Reed) was notified about this problem early April. I
> believe it has been fixed in the latest version.
[...]
> Do not place lockfiles in /tmp. Each flavor listed above has a specific
> directory for such files, ie, "/var/run" in FreeBSD, OpenBSD, and NetBSD.
> When opening
> these files, use open with O_EXCL and fdopen, rather than fopen.
The files which have data written to are not lockfiles so placing them
under /var/run could be considered inappropriate.
For those who actually make use of the feature and/or feel they need a
patch to correctly address this situation (they do testing as root on
systems where unfriendly users are likely to be present and hanging out
waiting for root to possibly do something like this), see below.
Darren
Index: ip_fil.c
===================================================================
RCS file: /devel/CVS/IP-Filter/ip_fil.c,v
retrieving revision 2.0.2.44.2.17
retrieving revision 2.0.2.44.2.18
diff -c -r2.0.2.44.2.17 -r2.0.2.44.2.18
*** ip_fil.c 1999/03/15 11:51:57 2.0.2.44.2.17
--- ip_fil.c 1999/04/11 10:42:36 2.0.2.44.2.18
***************
*** 1126,1147 ****
ip_t *ip;
{
# endif
- FILE *fp;
char fname[32];
# if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) || \
(defined(OpenBSD) && (OpenBSD >= 199603))
sprintf(fname, "/tmp/%s", ifp->if_xname);
- if ((fp = fopen(fname, "a"))) {
- fclose(fp);
- }
# else
sprintf(fname, "/tmp/%s%d", ifp->if_name, ifp->if_unit);
- if ((fp = fopen(fname, "a"))) {
- fwrite((char *)ip, ntohs(ip->ip_len), 1, fp);
- fclose(fp);
- }
# endif
return 0;
}
--- 1126,1147 ----
ip_t *ip;
{
# endif
char fname[32];
+ int fd;
# if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) || \
(defined(OpenBSD) && (OpenBSD >= 199603))
sprintf(fname, "/tmp/%s", ifp->if_xname);
# else
sprintf(fname, "/tmp/%s%d", ifp->if_name, ifp->if_unit);
# endif
+ fd = open(fname, O_WRONLY|O_APPEND);
+ if (fd == -1) {
+ perror("open");
+ return -1;
+ }
+ write(fd, (char *)ip, ntohs(ip->ip_len));
+ close(fd);
return 0;
}
***************
*** 1204,1227 ****
void init_ifp()
{
- FILE *fp;
struct ifnet *ifp, **ifa;
char fname[32];
# if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) || \
(defined(OpenBSD) && (OpenBSD >= 199603))
for (ifa = ifneta; ifa && (ifp = *ifa); ifa++) {
ifp->if_output = write_output;
sprintf(fname, "/tmp/%s", ifp->if_xname);
! if ((fp = fopen(fname, "w")))
! fclose(fp);
}
# else
for (ifa = ifneta; ifa && (ifp = *ifa); ifa++) {
ifp->if_output = write_output;
sprintf(fname, "/tmp/%s%d", ifp->if_name, ifp->if_unit);
! if ((fp = fopen(fname, "w")))
! fclose(fp);
}
# endif
}
--- 1204,1234 ----
void init_ifp()
{
struct ifnet *ifp, **ifa;
char fname[32];
+ int fd;
+
# if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) || \
(defined(OpenBSD) && (OpenBSD >= 199603))
for (ifa = ifneta; ifa && (ifp = *ifa); ifa++) {
ifp->if_output = write_output;
sprintf(fname, "/tmp/%s", ifp->if_xname);
! fd = open(fname, O_WRONLY|O_CREAT|O_EXCL, 0600);
! if (fd == -1)
! perror("open");
! else
! close(fd);
}
# else
for (ifa = ifneta; ifa && (ifp = *ifa); ifa++) {
ifp->if_output = write_output;
sprintf(fname, "/tmp/%s%d", ifp->if_name, ifp->if_unit);
! fd = open(fname, O_WRONLY|O_CREAT|O_EXCL, 0600);
! if (fd == -1)
! perror("open");
! else
! close(fd);
}
# endif
}
