Date: 27 Feb 2002 23:50:41 -0000 From: "Andrew Reilly" <areilly@bigpond.net.au> To: FreeBSD-gnats-submit@freebsd.org Subject: ports/35388: xsane_create_secure_file fails if file exists: wrong. Message-ID: <20020227235041.48347.qmail@areilly.bpc-users.org>
next in thread | raw e-mail | index | archive | help
>Number: 35388 >Category: ports >Synopsis: xsane_create_secure_file fails if file exists: wrong. >Confidential: no >Severity: serious >Priority: low >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Feb 27 16:00:10 PST 2002 >Closed-Date: >Last-Modified: >Originator: Andrew Reilly >Release: FreeBSD 4.5-STABLE i386 >Organization: just me >Environment: System: FreeBSD gurney.reilly.home 4.5-STABLE FreeBSD 4.5-STABLE #3: Sat Feb 23 13:26:08 EST 2002 root@gurney.reilly.home:/usr/obj/usr/src/sys/GURNEY i386 A generic P-!!!/500 PC, IDE drives, 128M RAM USB scanner: AGFA Snapscan e20. All dependant libraries and facilities updated to state of ports tree by "portupdate" as at 23 Feb 2002, and by make buildworld/installworld on same date. >Description: xsane checks to ensure that files that it creates are not at the end of a symlink, for "security" reasons. However, the routine that does this will also fail if the file in question already exists, because FreeBSD open(,O_WRONLY|O_CREAT|O_EXCL) semantics result in a failure in that case. Most of the time that doesn't cause any problems, because xsane creates/opens files only once for writing. The problem is with the interaction of xsane_fax_receiver_changed_callback() (in xsane.c) and xsane_fax_project_save(), because the former calls the latter every time the fax project changes. The fax project changes for every _character_ of the recipient phone number, so ..._project_save() is called for every character entered, and every new file scanned or added, and so the %s/xsane-fax-list file is re-written to reflect the new information. Or it would be, if xsane_create_secure_file() did not fail because that file already exists. >How-To-Repeat: Start xsane Select XSane mode: Fax Fill in the proejct name in the top box Click the "Create project" button (the only non-grey field) Try to type the recipient number into the second box. >Fix: apply the following patch, which removes the O_EXCL flag to the open() call. Perhaps this reduces security too much, which doesn't worry me on my single-user workstation, but should be checked. Maybe the correct fix is to change the logic of xsane_fax_project_save or xsane_fax_receiver_changed_callback. --- xsane-save.c Sat Dec 8 06:20:15 2001 +++ /home/andrew/xsane-save.c Thu Feb 28 10:26:55 2002 @@ -139,7 +139,7 @@ #endif umask((mode_t) preferences.image_umask); /* define image file permissions */ - fd = open(filename, O_WRONLY | O_CREAT | O_EXCL, 0666); + fd = open(filename, O_WRONLY | O_CREAT, 0666); umask(XSANE_DEFAULT_UMASK); /* define new file permissions */ >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020227235041.48347.qmail>