Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 668606 Details for
Bug 887010
CVE-2012-5638 sanlock world writable /var/log/sanlock.log
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
proposed patch
CVE-2012-5638.patch (text/plain), 1.39 KB, created by
Martin Quinson
on 2012-12-24 21:28:22 UTC
(
hide
)
Description:
proposed patch
Filename:
MIME Type:
Creator:
Martin Quinson
Created:
2012-12-24 21:28:22 UTC
Size:
1.39 KB
patch
obsolete
>Initial report (https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5638) > >| The sanlock server creates the /var/log/sanlock.log world writable >| allowing any one on the system to wipe the contents of the log file or >| to store data within the log file (bypassing any quotas applied to >| their account). The affected code (in src/log.c) is: >| >| int setup_logging(void) { >| int fd, rv; >| snprintf(logfile_path, PATH_MAX, "%s/%s", SANLK_LOG_DIR, >| SANLK_LOGFILE_NAME); >| logfile_fp = fopen(logfile_path, "a+"); > >This patch was proposed by Martin Quinson, but not really tested as I >don't use sanlock myself. Also, I used 660 as permissions to the file, >I'm not sure of whether it's sensible or not. > >Index: sanlock-2.2/src/log.c >=================================================================== >--- sanlock-2.2.orig/src/log.c 2012-05-07 17:43:52.000000000 +0200 >+++ sanlock-2.2/src/log.c 2012-12-24 22:19:10.437901274 +0100 >@@ -252,10 +252,12 @@ > snprintf(logfile_path, PATH_MAX, "%s/%s", SANLK_LOG_DIR, > SANLK_LOGFILE_NAME); > >- logfile_fp = fopen(logfile_path, "a+"); >- if (logfile_fp) { >- fd = fileno(logfile_fp); >+ fd = open(logfile_path,O_CREAT | O_WRONLY, S_IRUSR|S_IWUSR | S_IRGRP|S_IWGRP); >+ if (fd != -1) { > fcntl(fd, F_SETFD, fcntl(fd, F_GETFD, 0) | FD_CLOEXEC); >+ logfile_fp = fdopen(fd, "a+"); >+ } else { >+ logfile_fp = NULL; > } > > log_ents = malloc(log_num_ents * sizeof(struct entry));
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 887010
: 668606