/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to Makefile

  • Committer: Teddy Hogeborn
  • Date: 2014-06-08 03:10:08 UTC
  • mto: (237.7.272 trunk)
  • mto: This revision was merged to the branch mainline in revision 317.
  • Revision ID: teddy@recompile.se-20140608031008-mc9bd7b024a3q0y0
Address a very theoretical possible security issue in mandos-client.

If there were to run some sort of "cleaner" process for /run/tmp (or
/tmp), and mandos-client were to run for long enough for that cleaner
process to remove the temporary directory for GPGME, there was a
possibility that another unprivileged process could trick the (also
unprivileged) mandos-client process to remove other files or symlinks
which the unprivileged mandos-client process was allowed to remove.
This is not currently known to have been exploitable, since there are
no known initramfs environments running such cleaner processes.

* plugins.d/mandos-client.c (main): Use O_NOFOLLOW when opening
                                    tempdir for cleaning.

Show diffs side-by-side

added added

removed removed

Lines of Context:
Makefile
26
26
OPTIMIZE=-Os -fno-strict-aliasing
27
27
LANGUAGE=-std=gnu99
28
28
htmldir=man
29
 
version=1.6.9
 
29
version=1.6.5
30
30
SED=sed
31
31
 
32
32
USER=$(firstword $(subst :, ,$(shell getent passwd _mandos || getent passwd nobody || echo 65534)))
264
264
        @echo "# ignored.  The messages are caused by not running as root, but   #"
265
265
        @echo "# you should NOT run \"make run-client\" as root unless you also    #"
266
266
        @echo "# unpacked and compiled Mandos as root, which is NOT recommended. #"
267
 
        @echo "# From plugin-runner: setgid: Operation not permitted             #"
268
 
        @echo "#                     setuid: Operation not permitted             #"
 
267
        @echo "# From plugin-runner: setuid: Operation not permitted             #"
269
268
        @echo "# From askpass-fifo:  mkfifo: Permission denied                   #"
270
 
        @echo "# From mandos-client:                                             #"
271
 
        @echo "#             Failed to raise privileges: Operation not permitted #"
272
 
        @echo "#             Warning: network hook \"*\" exited with status *      #"
 
269
        @echo "# From mandos-client: setuid: Operation not permitted             #"
 
270
        @echo "#                     seteuid: Operation not permitted            #"
 
271
        @echo "#                     klogctl: Operation not permitted            #"
273
272
        @echo "###################################################################"
274
 
# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
275
273
        ./plugin-runner --plugin-dir=plugins.d \
276
274
                --config-file=plugin-runner.conf \
277
275
                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--network-hook-dir=network-hooks.d \
278
 
                --env-for=mandos-client:GNOME_KEYRING_CONTROL= \
279
276
                $(CLIENTARGS)
280
277
 
281
278
# Used by run-client
296
293
        install --directory confdir
297
294
        install --mode=u=rw $< $@
298
295
# Add a client password
299
 
        ./mandos-keygen --dir keydir --password --no-ssh >> $@
 
296
        ./mandos-keygen --dir keydir --password >> $@
300
297
statedir:
301
298
        install --directory statedir
302
299