1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
|
commit e8f8196230ae15f6f7d7104ded3e2633002506e4
Author: faxguy <faxguy@5505949e-d877-4686-9e03-c53b7a51b376>
Date: Sat Jun 13 23:46:33 2020 +0000
Johannes Segitz reported two issues:
1) faxaddmodem, faxsetup, and probemodem create temporary directories in a way that is not secure due to a race condition.
2) The HylaFAX spool directory bin and etc subdirectories are not secure against uucp deleting and recreating scripts that root runs.
These changes address these two issues.
git-svn-id: https://svn.code.sf.net/p/hylafax/HylaFAX+@2534 5505949e-d877-4686-9e03-c53b7a51b376
diff --git a/CONTRIBUTORS b/CONTRIBUTORS
index 057739f..a9d4f21 100644
--- a/CONTRIBUTORS
+++ b/CONTRIBUTORS
@@ -203,6 +203,7 @@ following for their contributions:
Travis Schafer LogSend and LogRecv modem config options, documentation fixes
Sven Schmidt
Steven Schoch faxrcvd faxinfo text parsing
+ Johannes Segitz code security audit
John Sellens
Chris Severance documentation fixes, scripting improvements
Simon <iahnl@iah.nl>
diff --git a/Makefile.in b/Makefile.in
index 1ee4d76..ec0cda7 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -208,7 +208,10 @@ makeServerDirs::
-idb hylafax.sw.server -root ${INSTALLROOT} -dir ${SPOOL}
-${INSTALL} -u ${FAXUSER} -g ${FAXGROUP} -m ${DIRMODE} \
-idb hylafax.sw.server -dir \
- -root ${INSTALLROOT} -F ${SPOOL} bin client config dev etc info log recvq status
+ -root ${INSTALLROOT} -F ${SPOOL} client config dev info log recvq status
+ -${INSTALL} -u root -g root -m ${DIRMODE} \
+ -idb hylafax.sw.server -dir \
+ -root ${INSTALLROOT} -F ${SPOOL} bin etc
-${INSTALL} -u ${FAXUSER} -g ${FAXGROUP} -m 700 \
-idb hylafax.sw.server -dir \
-root ${INSTALLROOT} -F ${SPOOL} sendq doneq docq tmp pollq archive
diff --git a/etc/faxaddmodem.sh.in b/etc/faxaddmodem.sh.in
index dc39917..c4d3ff1 100644
--- a/etc/faxaddmodem.sh.in
+++ b/etc/faxaddmodem.sh.in
@@ -113,12 +113,14 @@ if [ "$euid" != "root" ]; then
fi
# security
+o="`umask`"
+umask 077
TMPDIR=`(mktemp -d /tmp/.faxaddmodem.XXXXXX) 2>/dev/null`
+umask "$o"
if test X$TMPDIR = X; then
- TMPDIR=/tmp/.faxaddmodem$$
+ echo "Failed to create temporary directory. Cannot continue."
+ exit 1
fi
-@RM@ -rf $TMPDIR
-(umask 077 ; mkdir $TMPDIR) || exit 1
SH=$SCRIPT_SH # shell for use below
CPATH=$SPOOL/etc/config # prefix of configuration file
diff --git a/etc/faxsetup.sh.in b/etc/faxsetup.sh.in
index 556eef5..b4aae40 100644
--- a/etc/faxsetup.sh.in
+++ b/etc/faxsetup.sh.in
@@ -922,12 +922,14 @@ if onServer; then
#
# Setup TMPDIR before anything can trap and rm it
+ o="`umask`"
+ umask 077
TMPDIR=`(mktemp -d /tmp/.faxsetup.XXXXXX) 2>/dev/null`
+ umask "$o"
if test x$TMPDIR = x; then
- TMPDIR=/tmp/.faxsetup$$
+ echo "Failed to create temporary directory. Cannot continue."
+ exit 1
fi
- $RM -rf $TMPDIR
- (umask 077 ; mkdir $TMPDIR) || exit 1
JUNK="etc/setup.tmp"
trap "$RM \$JUNK; $RM -r \$TMPDIR; exit 1" 1 2 15
diff --git a/etc/probemodem.sh.in b/etc/probemodem.sh.in
index 55b5d9b..c0abf15 100644
--- a/etc/probemodem.sh.in
+++ b/etc/probemodem.sh.in
@@ -85,12 +85,14 @@ test -f $SPOOL/etc/setup.cache || {
. $SPOOL/etc/setup.cache # common configuration stuff
. $SPOOL/etc/setup.modem # modem-specific stuff
+o="`umask`"
+umask 077
TMPDIR=`(mktemp -d /tmp/.probemodem.XXXXXX) 2>/dev/null`
+umask "$o"
if test X$TMPDIR = X; then
- TMPDIR=/tmp/.probemodem$$
+ echo "Failed to create temporary directory. Cannot continue."
+ exit 1
fi
-@RM@ -fr $TMPDIR
-(umask 077 ; mkdir $TMPDIR) || exit 1
SH=$SCRIPT_SH # shell for use below
OUT=$TMPDIR/probemodem$$ # temp file in which modem output is recorded
|
