Fix: CVE-2017-18925 #21

Closed
wants to merge 10 commits into from

@KenjiBrown KenjiBrown commented Apr 29, 2022

Signed-off-by: Sandio Araico Sanchez [email protected]
Bug #540006
hardened mode for opentmpfiles
Ignore some recursive options
Refuse to remove root-owned dirs and files
Refuse to chmod/chdir/chown user-owned dirs and files
Check non-existence before creating a directory
Ensure directory has been newly created before chown/chmod/chgrp
exit on error

williamh and others added 9 commits February 20, 2017 11:03
This function did not actually create a directory. Also, we did not
respect that mode could be optional.
According to the tmpfiles.d man page I've read, Modes, owners and groups
are always optional.
If owners, modes or groups are not specified use the defaults from the
tmpfiles.d man page
There is a big difference between how these tests behave:

1. [ foo ] && bar
2. if [ foo ]; then bar; fi

The first test will return a failure return code if foo is false, and
this was causing issues, so we need the second test.

This is for OpenRC#1.
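
The difference between the two test forms described in the commit message above, as an added example that is not part of the pull request or of opentmpfiles. The function names are hypothetical, and the empty mode stands in for the optional tmpfiles.d fields the earlier commit messages mention.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, not opentmpfiles code.
# An empty mode models a tmpfiles.d line that leaves the optional mode out.

# Form 1: [ foo ] && bar. As the last command of the function, a false test
# becomes the function's exit status (1) although nothing failed.
apply_mode_and() {
    [ -n "$2" ] && chmod "$2" "$1"
}

# Form 2: if [ foo ]; then bar; fi. An if whose condition is false and that
# has no else branch exits 0, so a missing mode is not reported as an error.
apply_mode_if() {
    if [ -n "$2" ]; then
        chmod "$2" "$1"
    fi
}

# Print the exit status of a command without tripping set -e in the caller.
status_of() {
    if "$@" 2>/dev/null; then echo 0; else echo "$?"; fi
}

demo() {
    dir=$(mktemp -d) || return 1
    printf 'and-form, no mode:      %s\n' "$(status_of apply_mode_and "$dir" "")"
    printf 'if-form,  no mode:      %s\n' "$(status_of apply_mode_if "$dir" "")"
    printf 'if-form,  mode 0700:    %s\n' "$(status_of apply_mode_if "$dir" 0700)"
    # A real chmod failure (constructed: path does not exist) still propagates.
    printf 'if-form,  missing path: %s\n' "$(status_of apply_mode_if "$dir/missing" 0700)"
    rmdir "$dir"
}

demo
```

A caller that exits on any non-zero status would abort on the first form whenever the mode is omitted, while the second form only fails when chmod itself fails.
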
Signed-off-by: Sandio Araico Sanchez <[email protected]>
Gentoo bug #540006
hardened mode for opentmpfiles
Ignore some recursive options
Refuse to remove root-owned dirs and files
Refuse to chmod/chdir/chown user-owned dirs and files
Check non-existence before creating a directory
Ensure directory has been newly created before chown/chmod/chgrp
exit on error
Signed-off-by: Sandio Araico Sanchez <[email protected]>
Bug #540006
hardened mode for opentmpfiles
Ignore some recursive options
Refuse to remove root-owned dirs and files
Refuse to chmod/chdir/chown user-owned dirs and files
Check non-existence before creating a directory
Ensure directory has been newly created before chown/chmod/chgrp
exit on error
Member

@vapier vapier left a comment

please rebase onto the latest master branch

@thesamesam

Ping.

@KenjiBrown
Author

I will do the rebase this weekend.

@KenjiBrown
Author

KenjiBrown commented May 31, 2022

Merge master
Rechecked correctness in variables: "${path}" "${arg}" ${uid} ${gid} ${mode}
Some if [ $x -ne 0 ] ; then exit ; fi might be unnecessary.

@vapier
Member

vapier commented May 31, 2022

it doesn't seem like you've fully rebased onto the latest master branch yet

@KenjiBrown
Author

I will better create a new clean branch and a new PR. Let me try...

@KenjiBrown
Author

New clean PR is #22

@KenjiBrown KenjiBrown closed this Jun 2, 2022