#22 CVE-2009-4235 Weak permissions on log

open
nobody
None
5
2009-12-13
2009-12-13
Ted Felix
No

This is against 1.0.4, so it's a pretty old bug and has been fixed in later releases. The problem centers around the open_logs() routine in acpid.c. This routine opens a log file like this:

logfd = open(logfile, O_WRONLY|O_CREAT|O_APPEND);

Problem is that if the file gets created, it will need permissions and the last argument to open() which specifies those permissions is missing. Consequently, the file will get random permissions based on garbage on the stack. The line should look something like this:

logfd = open(logfile, O_WRONLY|O_CREAT|O_APPEND, 0640);

But this is against a very old version, so I'd be inclined to just say, "upgrade to 1.0.10." Anyway, just entering this for reference.

Discussion

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks