[535] in Zephyr_Bugs
possible zephyr bugs
daemon@ATHENA.MIT.EDU (Victor Dmitri Schoeman)
Wed Jul 13 10:41:54 1994
Date: Wed, 13 Jul 1994 10:40:33 -0400 (EDT)
From: Victor Dmitri Schoeman <vs0r+@andrew.cmu.edu>
To: bug-zephyr@MIT.EDU
I am the current maintainer of zephyr for andrew.cmu.edu (as well as
the current hacker of our version of inter-realm), but I believe I
have found a number of bugs that are from the original version of
zephyr and might still exist in your code.
One thing, which, while not really a bug, should probably be changed,
is to add a umask(077) call before the ticket file is created.
> diff -c ../../029/zwgc/zephyr.c .
*** ../../029/zwgc/zephyr.c Thu Oct 31 14:25:04 1991
--- ./zephyr.c Wed Jul 6 22:48:04 1994
***************
*** 151,156 ****
--- 151,157 ----
*/
temp = get_zwgc_port_number_filename();
errno = 0;
+ umask(077); /* prevent other users from reading our file */
port_file = fopen(temp, "w+");
if (port_file) {
fprintf(port_file, "%d\n", port);
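Review bot: The umask(077) call added before fopen(temp, "w+") discards the previous mask and never restores it, so every file zwgc creates afterwards is also forced to owner-only. Save the return value and restore it after the fopen, or create the file with open(temp, O_RDWR|O_CREAT, 0600) followed by fdopen so the process mask is left alone. umask only applies when the file is created: a file already present at that path with wider permissions keeps them through the "w+" truncate, so an fchmod after opening is needed to cover that case. The file opened here comes from get_zwgc_port_number_filename(), so this protects the port file rather than a ticket file as the description says.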
Another bug seems to exist in the bdump subscription code. Restricted
class subscriptions are not being passed in bdumps because the sending
servers don't fill in the z_sender field in the subscription request.
Since, in our cell, subscriptions must be authentic, if the sender is
"" it must have come from one of the other servers, thus a simple
solution is to automatically allow (and log) subscriptions when z_sender
is empty.
And, a more serious bug, one which is exacerbated by the WGFILES being
publicly readable. It appears that when a user issues a zctl ret
command the server checks for authenticity, but not that the user is
the same user who "owns" that subscription set.
Here is the patch I have for both of these:
> diff -c ../../029/server/subscr.c .
*** ../../029/server/subscr.c Tue Jun 29 11:26:55 1993
--- ./subscr.c Thu Jul 7 17:42:22 1994
***************
*** 3,9 ****
*
* Created by: John T. Kohl
*
! * $Source: /afs/andrew/system/src/local/zephyr/022/server/RCS/subscr.c,v $
* $Author: vs0r $
*
* Copyright (c) 1987,1988 by the Massachusetts Institute of Technology.
--- 3,9 ----
*
* Created by: John T. Kohl
*
! * $Source: /afs/andrew/system/src/local/zephyr/025/server/RCS/subscr.c,v $
* $Author: vs0r $
*
* Copyright (c) 1987,1988 by the Massachusetts Institute of Technology.
***************
*** 15,21 ****
#ifndef lint
#ifndef SABER
! static char rcsid_subscr_c[] = "$Id: subscr.c,v 1.1 1993/06/29 15:26:32 vs0r Exp $";
#endif SABER
#endif lint
--- 15,21 ----
#ifndef lint
#ifndef SABER
! static char rcsid_subscr_c[] = "$Id: subscr.c,v 1.2 1994/06/18 02:04:55 vs0r Exp vs0r $";
#endif SABER
#endif lint
***************
*** 181,189 ****
--- 181,203 ----
acl = class_get_acl(subs->zst_class);
if (acl) {
if (!access_check(notice, acl, SUBSCRIBE)) {
+ /* Need this check since the other servers pass
+ off subscriptions in bdumps leaving the sender
+ empty. Since all subscriptions must be
+ authentic, any subscription that gets this far
+ with an empty sender must be from another
+ server, and should, therefore be honored. vs0r */
+ if (notice->z_sender[0]==NULL)
+ {
+ syslog(LOG_WARNING, "bdump subscription class %s",
+ subs->zst_class);
+ }
+ else
+ {
syslog(LOG_WARNING, "subscr unauth %s %s",
notice->z_sender, subs->zst_class);
continue; /* the for loop */
+ }
}
if (!strcmp(WILDCARD_INSTANCE, subs->zst_classinst)) {
if (!access_check(notice, acl, INSTWILD)) {
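Review bot: In the added branch, notice->z_sender[0]==NULL compares a char against the pointer constant NULL; write it as notice->z_sender[0] == '\0'. The larger concern is that an empty sender is the only condition for skipping the failed SUBSCRIBE access_check, and nothing in this hunk confirms that the notice actually arrived in a bdump from a peer server. The comment's premise that all subscriptions are authenticated is a site policy, so the bypass would be safer gated on an explicit from-bdump indication passed in by the caller. The INSTWILD access_check just below is unchanged, so check whether wildcard-instance subscriptions with an empty sender are still rejected there.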
***************
*** 866,871 ****
--- 880,892 ----
if (!auth && !defsubs) {
return((char **) 0);
+ }
+ if (auth && !defsubs &&
+ strcmp(client->zct_principal, notice->z_sender))
+ { /* Yes the person is authentic, but they are requesting
+ someone elses subscriptions. vs0r */
+ syslog(LOG_WARNING, "%s attempted to retrive subscriptions for %s.\n",notice->z_sender, client->zct_principal);
+ return((char **) 0);
}
for (subs = subs2->q_forw;
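Review bot: The new strcmp(client->zct_principal, notice->z_sender) dereferences client with no visible check that a client record was found for this request; if client can be a null pointer at this point, test it first and refuse the request. The auth term in the added condition is redundant, because the preceding block already returns when !auth && !defsubs. The syslog format ends in "\n", which syslog does not need, and the call runs well past 80 columns; wrap its arguments the way the other syslog calls in this file are wrapped.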
Comments on these welcome.
Thanks,
Dmitri
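
An added example, not part of the original message or of the Zephyr sources: one way to get an owner-only port file without changing the process umask, using open() with an explicit mode plus fchmod() instead of the umask(077) call in the first patch. The names open_private_file and write_port_file are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not from zwgc): open `path` as a read/write stdio
 * stream whose mode is 0600 whatever the caller's umask is, and even if
 * the file already existed with looser permissions. */
FILE *open_private_file(const char *path)
{
    struct stat st;
    FILE *fp;
    /* O_NOFOLLOW: refuse a symlink sitting at the final path component. */
    int fd = open(path, O_RDWR | O_CREAT | O_NOFOLLOW, 0600);

    if (fd < 0)
        return NULL;
    /* The mode passed to open() is ignored when the file already exists,
     * so accept only a regular file we own and force 0600 on it.
     * ftruncate() gives the truncation that fopen(path, "w+") would. */
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) || st.st_uid != geteuid()
        || fchmod(fd, 0600) < 0 || ftruncate(fd, 0) < 0) {
        close(fd);
        return NULL;
    }
    fp = fdopen(fd, "w+");
    if (fp == NULL)
        close(fd);
    return fp;
}

/* Write the port number in the format the patched code uses and return
 * the file's resulting permission bits, or -1 on failure. */
int write_port_file(const char *path, int port)
{
    struct stat st;
    FILE *fp = open_private_file(path);

    if (fp == NULL)
        return -1;
    fprintf(fp, "%d\n", port);
    if (fclose(fp) != 0 || stat(path, &st) < 0)
        return -1;
    return (int)(st.st_mode & 07777);
}
```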