Bugtraq mailing list archives
Re: FSA-99.04-IPFILTER-v3.2.10
From: avalon () COOMBS ANU EDU AU (Darren Reed)
Date: Fri, 16 Apr 1999 09:10:18 +1000
In some mail from 0x1c, sie said:
The author (Darren Reed) was notified about this problem early April. I believe it has been fixed in the latest version.
[...]
Do not place lockfiles in /tmp. Each flavor listed above has a specific directory for such files, ie, "/var/run" in FreeBSD, OpenBSD, and NetBSD. When opening these files, use open with O_EXCL and fdopen, rather than fopen.
The files which have data written to are not lockfiles so placing them
under /var/run could be considered inappropriate.
For those who actually make use of the feature and/or feel they need a
patch to correctly address this situation (they do testing as root on
systems where unfriendly users are likely to be present and hanging out
waiting for root to possibly do something like this), see below.
Darren
Index: ip_fil.c
===================================================================
RCS file: /devel/CVS/IP-Filter/ip_fil.c,v
retrieving revision 2.0.2.44.2.17
retrieving revision 2.0.2.44.2.18
diff -c -r2.0.2.44.2.17 -r2.0.2.44.2.18
*** ip_fil.c 1999/03/15 11:51:57 2.0.2.44.2.17
--- ip_fil.c 1999/04/11 10:42:36 2.0.2.44.2.18
***************
*** 1126,1147 ****
ip_t *ip;
{
# endif
- FILE *fp;
char fname[32];
# if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) || \
(defined(OpenBSD) && (OpenBSD >= 199603))
sprintf(fname, "/tmp/%s", ifp->if_xname);
- if ((fp = fopen(fname, "a"))) {
- fclose(fp);
- }
# else
sprintf(fname, "/tmp/%s%d", ifp->if_name, ifp->if_unit);
- if ((fp = fopen(fname, "a"))) {
- fwrite((char *)ip, ntohs(ip->ip_len), 1, fp);
- fclose(fp);
- }
# endif
return 0;
}
--- 1126,1147 ----
ip_t *ip;
{
# endif
char fname[32];
+ int fd;
# if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) || \
(defined(OpenBSD) && (OpenBSD >= 199603))
sprintf(fname, "/tmp/%s", ifp->if_xname);
# else
sprintf(fname, "/tmp/%s%d", ifp->if_name, ifp->if_unit);
# endif
+ fd = open(fname, O_WRONLY|O_APPEND);
+ if (fd == -1) {
+ perror("open");
+ return -1;
+ }
+ write(fd, (char *)ip, ntohs(ip->ip_len));
+ close(fd);
return 0;
}
***************
*** 1204,1227 ****
void init_ifp()
{
- FILE *fp;
struct ifnet *ifp, **ifa;
char fname[32];
# if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) || \
(defined(OpenBSD) && (OpenBSD >= 199603))
for (ifa = ifneta; ifa && (ifp = *ifa); ifa++) {
ifp->if_output = write_output;
sprintf(fname, "/tmp/%s", ifp->if_xname);
! if ((fp = fopen(fname, "w")))
! fclose(fp);
}
# else
for (ifa = ifneta; ifa && (ifp = *ifa); ifa++) {
ifp->if_output = write_output;
sprintf(fname, "/tmp/%s%d", ifp->if_name, ifp->if_unit);
! if ((fp = fopen(fname, "w")))
! fclose(fp);
}
# endif
}
--- 1204,1234 ----
void init_ifp()
{
struct ifnet *ifp, **ifa;
char fname[32];
+ int fd;
+
# if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) || \
(defined(OpenBSD) && (OpenBSD >= 199603))
for (ifa = ifneta; ifa && (ifp = *ifa); ifa++) {
ifp->if_output = write_output;
sprintf(fname, "/tmp/%s", ifp->if_xname);
! fd = open(fname, O_WRONLY|O_CREAT|O_EXCL, 0600);
! if (fd == -1)
! perror("open");
! else
! close(fd);
}
# else
for (ifa = ifneta; ifa && (ifp = *ifa); ifa++) {
ifp->if_output = write_output;
sprintf(fname, "/tmp/%s%d", ifp->if_name, ifp->if_unit);
! fd = open(fname, O_WRONLY|O_CREAT|O_EXCL, 0600);
! if (fd == -1)
! perror("open");
! else
! close(fd);
}
# endif
}
Current thread:
- Re: FlowPoint ADSL Reported Problem David Brumley (Apr 14)
- Re: FlowPoint ADSL Reported Problem Philip Rakity (Apr 14)
- FSA-99.04-IPFILTER-v3.2.10 0x1c (Apr 15)
- Re: FlowPoint ADSL Reported Problem Chris Shenton (Apr 15)
- Re: FSA-99.04-IPFILTER-v3.2.10 Darren Reed (Apr 15)