From: SourceForge.net <no...@so...> - 2005-10-31 16:35:15
Bugs item #1344047, was opened at 2005-10-31 17:35
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=428516&aid=1344047&group_id=40604

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: Security (Patches etc)
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Juergen Schmidt (ju_heisec)
Assigned to: Nobody/Anonymous (nobody)
Summary: user "nobody" could spoof backups

Initial Comment:
The user "nobody" could create fake backup files with and have them encrypted and eventually restored.

Cause: the backup program chowns the backup file to nobody before it encrypts them.

See ipcopbkcfg.c:
---
/* Make sure web can overwrite */
snprintf (command, STRING_SIZE-1, "/home/httpd/html/backup/%s.tar.gz", hostname);
chown(command, 99, 99);

/* encrypt archive */
snprintf (command, STRING_SIZE-1, "/usr/bin/openssl des3 -e -salt -in /home/httpd/html/backup/%s.tar.gz -out /home/httpd/html/backup/%s.dat -kfile %s/backup/backup.key", hostname, hostname, CONFIG_ROOT);
if (safe_system (command))
{
    fprintf (stderr, "Couldn't encrypt archive\n");
    exit (ERR_ENCRYPT);
}
---

This might open a window of opportunity for nobody to change the file. A tight loop copying his backup file there might be enough. (did not check this though).

Fix: encrypt first, chown then (or better: delete unencrypted backup files). See:
https://sourceforge.net/tracker/index.php?func=detail&aid=1344039&group_id=40604&atid=428516

----------------------------------------------------------------------
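
A check that complements the reordering proposed in the report, as an added example that is not IPCop code and not part of the original message: before encrypting, open the archive and refuse it unless it is still owned by the trusted user and not writable by anyone else. The function names and the temp-file path are hypothetical, and the test files are constructed.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open the plaintext archive for encryption only if it is still a regular
 * file owned by trusted_uid and not writable by group or others. fstat() on
 * the open descriptor means the checked file is the file that gets read.
 * Returns a descriptor, or -1 if the archive must not be trusted. */
int open_trusted_archive(const char *path, uid_t trusted_uid)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != trusted_uid || (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed test case: make a temp file with the given mode, then ask
 * whether it would be accepted for trusted_uid. Returns 1 if accepted. */
int archive_accepted(mode_t mode, uid_t trusted_uid)
{
    char path[] = "/tmp/bkdemoXXXXXX";
    int tmp = mkstemp(path), fd;
    if (tmp < 0)
        return -1;
    fchmod(tmp, mode);
    close(tmp);
    fd = open_trusted_archive(path, trusted_uid);
    if (fd >= 0)
        close(fd);
    unlink(path);
    return fd >= 0;
}

int main(void)
{
    printf("owner-only archive:     %d\n", archive_accepted(0600, getuid()));
    printf("world-writable archive: %d\n", archive_accepted(0666, getuid()));
    printf("foreign-owned archive:  %d\n", archive_accepted(0600, getuid() + 1));
    return 0;
}
```

The encryption step would then read from the returned descriptor rather than reopening the path by name, and ownership would be handed to the web user only on the encrypted output.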