/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-clients.conf.xml

  • Committer: Teddy Hogeborn
  • Date: 2014-06-08 03:10:08 UTC
  • Revision ID: teddy@recompile.se-20140608031008-mc9bd7b024a3q0y0
Address a very theoretical possible security issue in mandos-client.

If there were to run some sort of "cleaner" process for /run/tmp (or
/tmp), and mandos-client were to run for long enough for that cleaner
process to remove the temporary directory for GPGME, there was a
possibility that another unprivileged process could trick the (also
unprivileged) mandos-client process to remove other files or symlinks
which the unprivileged mandos-client process was allowed to remove.
This is not currently known to have been exploitable, since there are
no known initramfs environments running such cleaner processes.

* plugins.d/mandos-client.c (main): Use O_NOFOLLOW when opening
                                    tempdir for cleaning.

Show diffs side-by-side

added added

removed removed

Lines of Context:
mandos-clients.conf.xml
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY CONFNAME "mandos-clients.conf">
5
5
<!ENTITY CONFPATH "<filename>/etc/mandos/clients.conf</filename>">
6
 
<!ENTITY TIMESTAMP "2018-02-08">
 
6
<!ENTITY TIMESTAMP "2013-10-15">
7
7
<!ENTITY % common SYSTEM "common.ent">
8
8
%common;
9
9
]>
37
37
      <year>2010</year>
38
38
      <year>2011</year>
39
39
      <year>2012</year>
40
 
      <year>2013</year>
41
 
      <year>2014</year>
42
 
      <year>2015</year>
43
 
      <year>2016</year>
44
 
      <year>2017</year>
45
 
      <year>2018</year>
46
40
      <holder>Teddy Hogeborn</holder>
47
41
      <holder>Björn Påhlsson</holder>
48
42
    </copyright>
183
177
            <varname>PATH</varname> will be searched.  The default
184
178
            value for the checker command is <quote><literal
185
179
            ><command>fping</command> <option>-q</option> <option
186
 
            >--</option> %%(host)s</literal></quote>.  Note that
187
 
            <command>mandos-keygen</command>, when generating output
188
 
            to be inserted into this file, normally looks for an SSH
189
 
            server on the Mandos client, and, if it find one, outputs
190
 
            a <option>checker</option> option to check for the
191
 
            client’s key fingerprint – this is more secure against
192
 
            spoofing.
 
180
            >--</option> %%(host)s</literal></quote>.
193
181
          </para>
194
182
          <para>
195
183
            In addition to normal start time expansion, this option
232
220
          <para>
233
221
            This option sets the OpenPGP fingerprint that identifies
234
222
            the public key that clients authenticate themselves with
235
 
            through TLS.  The string needs to be in hexadecimal form,
 
223
            through TLS.  The string needs to be in hexidecimal form,
236
224
            but spaces or upper/lower case are not significant.
237
225
          </para>
238
226
        </listitem>
465
453
      <literal>%(<replaceable>foo</replaceable>)s</literal> is
466
454
      obscure.
467
455
    </para>
468
 
    <xi:include href="bugs.xml"/>
469
456
  </refsect1>
470
457
  
471
458
  <refsect1 id="example">