
Bug#1040668: bullseye-pu: package tang/8-3+deb11u1



Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: tang@packages.debian.org
Control: affects -1 + src:tang

This is the bullseye version of #1040646

[ Reason ]
Fix https://security-tracker.debian.org/tracker/CVE-2023-1672 for
Debian 11 ("bullseye"), tagged "no-dsa (minor)" by the security team.

The problem of creating key material without restrictive file
permissions probably existed upstream since always. Up to and including
Debian 10 ("buster") however, this situation was caught by enforcing
restrictive permissions on the key directory.

With Debian 11 ("bullseye") a change in the creation of that directory
caused it to be created with a too permissive mode.

[ Impact ]
Without the change being accepted, the directory that holds the private
key would stay world-readable. Also this would continue to put users at
risk who configured a different key directory but did not enforce
restrictive access permissions.

[ Tests ]
No automated tests I'm aware of. Of course I did a manual test, and the
outcome matched the expectations.

[ Risks ]
The changes are small and rather straight-forward. I'd be surprised if
they introduce problems.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in oldstable
  [x] the issue is verified as fixed in unstable (14.1)

[ Changes ]
* Assert restrictive permissions of the key directory in Debian's
  postinst.
  For regular users and new installations.
* Upstream's change to create the key file with restrictive
  permissions.
  Mostly for users who configure a different key directory.
* Recommend a key rotation in setups where this seems wise, add
  some details in NEWS.Debian.
* Make the key rotation program executable as it should always
  have been.

Regards,

    Christoph
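
The exposure described under [ Reason ] and [ Impact ], as an added example that is not part of the original message or of the tang package: it shows the mode a key file gets under a default umask versus the 0337 used by the upstream fix, and audits a key directory for world access. The function names and the sample directory are hypothetical; GNU stat and find are assumed, as on Debian.

```shell
#!/bin/sh
# Added example, not code from tang or its Debian packaging.
# Assumes GNU stat and find. All names below are hypothetical.

# Mode a new file gets when a shell redirection creates it under umask $1.
mode_under_umask() {
    tmp=$(mktemp -d) || return 1
    ( umask "$1" && : > "$tmp/probe.jwk" )   # subshell: caller's umask untouched
    stat -c '%a' "$tmp/probe.jwk"
    rm -rf "$tmp"
}

# Print the key directory and any *.jwk directly inside it that grant any
# permission bit to "other". -name '*.jwk' also matches dot-prefixed files.
# Returns 0 if nothing is exposed, 1 if something is, 2 if DIR is missing.
audit_keydir() {
    dir=$1
    [ -d "$dir" ] || { echo "missing: $dir" >&2; return 2; }
    hits=$(find "$dir" -maxdepth 1 \( -type d -o -name '*.jwk' \) \
               \( -perm -004 -o -perm -002 -o -perm -001 \) -print)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Demo on a constructed directory (not a real tang installation).
demo=$(mktemp -d)
chmod 0755 "$demo"                          # constructed: world-readable key directory
( umask 0022; echo '{}' > "$demo/a.jwk" )   # key written without a restrictive umask
echo "umask 0022 -> $(mode_under_umask 0022), umask 0337 -> $(mode_under_umask 0337)"
audit_keydir "$demo" || echo "exposed entries listed above"
chmod 0750 "$demo"; chmod 0440 "$demo/a.jwk"
audit_keydir "$demo" && echo "clean after chmod 0750 (dir) and 0440 (key)"
rm -rf "$demo"
```

On a real host the argument would be the configured key directory, for example /var/db/tang.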

diff -Nru tang-8/debian/changelog tang-8/debian/changelog
--- tang-8/debian/changelog	2021-12-16 20:47:10.000000000 +0100
+++ tang-8/debian/changelog	2023-07-08 12:41:29.000000000 +0200
@@ -1,3 +1,14 @@
+tang (8-3+deb11u2) bullseye; urgency=high
+
+  * Fix CVE-2023-1672:
+    - Cherry-pick "Fix race condition when creating/rotating keys"
+    - Assert restrictive permissions on tang's key directory
+    In existing multi-user bullseye installations, rotating the keys
+    is suggested.
+  * Make the tangd-rotate-keys program executable
+
+ -- Christoph Biedl <debian.axhn@manchmal.in-ulm.de>  Sat, 08 Jul 2023 12:41:29 +0200
+
 tang (8-3+deb11u1) bullseye-security; urgency=high
 
   * Fix data leak [CVE-2021-4076]
diff -Nru tang-8/debian/patches/bullseye/1686750800.v13-3-g8dbbed1.fix-race-condition-when-creating-rotating-keys-123.patch tang-8/debian/patches/bullseye/1686750800.v13-3-g8dbbed1.fix-race-condition-when-creating-rotating-keys-123.patch
--- tang-8/debian/patches/bullseye/1686750800.v13-3-g8dbbed1.fix-race-condition-when-creating-rotating-keys-123.patch	1970-01-01 01:00:00.000000000 +0100
+++ tang-8/debian/patches/bullseye/1686750800.v13-3-g8dbbed1.fix-race-condition-when-creating-rotating-keys-123.patch	2023-07-08 12:41:29.000000000 +0200
@@ -0,0 +1,73 @@
+Subject: Fix race condition when creating/rotating keys (#123)
+Origin: v13-3-g8dbbed1 <https://github.com/latchset/tang/commit/v13-3-g8dbbed1>
+Upstream-Author: Sergio Correia <scorreia@redhat.com>
+Date: Wed Jun 14 10:53:20 2023 -0300
+
+    When we create/rotate keys using either the tangd-keygen and
+    tangd-rotate-keys helpers, there is a small window between the
+    keys being created and then the proper ownership permissions being
+    set. This also happens when there are no keys and tang creates a
+    pair of keys itself.
+
+    In certain situations, such as the keys directory having wide open
+    permissions, a user with local access could exploit this race
+    condition and read the keys before they are set to more restrictive
+    permissions.
+
+    To prevent this issue, we now set the default umask to 0337 before
+    creating the files, so that they are already created with restrictive
+    permissions; afterwards, we set the proper ownership as usual.
+
+    Issue reported by Brian McDermott of CENSUS labs.
+
+    Fixes CVE-2023-1672
+
+
+    Reviewed-by: Sergio Arroutbi <sarroutb@redhat.com>
+    Signed-off-by: Sergio Correia <scorreia@redhat.com>
+
+--- a/src/keys.c
++++ b/src/keys.c
+@@ -17,6 +17,7 @@
+  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+  */
+ 
++#include <sys/stat.h>
+ #include <stdlib.h>
+ #include <string.h>
+ #include <dirent.h>
+@@ -304,6 +305,9 @@
+     const char** hashes = supported_hashes();
+     const char* alg[] = {"ES512", "ECMR", NULL};
+     char path[PATH_MAX];
++
++    /* Set default umask for file creation. */
++    umask(0337);
+     for (int i = 0; alg[i] != NULL; i++) {
+         json_auto_t* jwk = jwk_generate(alg[i]);
+         if (!jwk) {
+--- a/src/tangd-keygen
++++ b/src/tangd-keygen
+@@ -27,6 +27,9 @@
+ 
+ [ $# -eq 3 ] && sig=$2 && exc=$3
+ 
++# Set default umask for file creation.
++umask 0337
++
+ jwe=`jose jwk gen -i '{"alg":"ES512"}'`
+ [ -z "$sig" ] && sig=`echo "$jwe" | jose jwk thp -i-`
+ echo "$jwe" > $1/$sig.jwk
+--- a/src/tangd-rotate-keys
++++ b/src/tangd-rotate-keys
+@@ -72,6 +72,10 @@
+ 
+     # Create a new set of keys.
+     DEFAULT_THP_HASH="S256"
++
++    # Set default umask for file creation.
++    umask 0337
++
+     for alg in "ES512" "ECMR"; do
+         json="$(printf '{"alg": "%s"}' "${alg}")"
+         jwe="$(jose jwk gen --input "${json}")"
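Review bot: in the src/keys.c hunk, umask(0337) is called before the key-generation loop without saving the previous mask, so within the visible lines nothing restores it and every file the process creates afterwards inherits 0337 as well. Consider mode_t old = umask(0337); before the loop and umask(old); after it. The same mask in tangd-keygen and tangd-rotate-keys yields mode 0440, so the key is still group-readable until ownership is set, and the redirect target in echo "$jwe" > $1/$sig.jwk is unquoted.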
diff -Nru tang-8/debian/patches/series tang-8/debian/patches/series
--- tang-8/debian/patches/series	2021-12-16 20:47:10.000000000 +0100
+++ tang-8/debian/patches/series	2023-07-08 12:41:29.000000000 +0200
@@ -13,5 +13,7 @@
 debian/2021-04-19.non-usrmerged.patch
 
 # cherry-picked after the stable release
-# CVE-2021-4076:
+# CVE-2021-4076
 bullseye/1639480721.v10-9-ge82459f.keys-move-signing-part-out-of-find-by-thp-and-to-find-jws-81.patch
+# CVE-2023-1672
+bullseye/1686750800.v13-3-g8dbbed1.fix-race-condition-when-creating-rotating-keys-123.patch
diff -Nru tang-8/debian/rules tang-8/debian/rules
--- tang-8/debian/rules	2021-12-15 23:52:10.000000000 +0100
+++ tang-8/debian/rules	2023-07-08 12:41:29.000000000 +0200
@@ -10,4 +10,8 @@
 override_dh_auto_install:
 	dh_auto_install --buildsystem=meson
 	rm -rf debian/tang/usr/share/licenses
-	mkdir -p debian/tang/var/db/tang
+	mkdir -m0750 -p debian/tang/var/db/tang
+
+override_dh_fixperms:
+	chmod 755 debian/tang/usr/libexec/tangd-rotate-keys
+	dh_fixperms $@ -Xvar/db/tang
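Review bot: in override_dh_fixperms, $@ is expanded by make to the target name, so the last line runs as dh_fixperms override_dh_fixperms -Xvar/db/tang; drop $@ and call dh_fixperms -Xvar/db/tang. Separately, mkdir -m0750 sets only the mode, and nothing in this hunk sets owner or group, so who is covered by the group bits of 0750 depends on ownership established elsewhere.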
diff -Nru tang-8/debian/tang.NEWS tang-8/debian/tang.NEWS
--- tang-8/debian/tang.NEWS	1970-01-01 01:00:00.000000000 +0100
+++ tang-8/debian/tang.NEWS	2023-07-08 12:41:29.000000000 +0200
@@ -0,0 +1,13 @@
+tang (8-3+deb11u2) bullseye; urgency=high
+
+  * In existing bullseye installations, the key directory has world-
+    readable access permissions. If untrusted users have access to that
+    systems, administrators might want to do a key rotation after this
+    upgrade.
+
+    To do so, run: /usr/libexec/tangd-rotate-keys -v -d /var/db/tang
+
+    See https://manpages.debian.org/bookworm/tang-common/tangd-rotate-keys.1.en.html
+    for details.
+
+ -- Christoph Biedl <debian.axhn@manchmal.in-ulm.de>  Sat, 08 Jul 2023 12:41:29 +0200
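Review bot: the NEWS entry covers only /var/db/tang, while the Impact section of this request also names users who configured a different key directory; a sentence telling them to check that directory's mode and to pass it to -d would close the gap. In "have access to that systems" the wording should be "that system" or "those systems", and the manpage link points at the bookworm tang-common page rather than at documentation for this bullseye version.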
diff -Nru tang-8/debian/tang.postinst tang-8/debian/tang.postinst
--- tang-8/debian/tang.postinst	1970-01-01 01:00:00.000000000 +0100
+++ tang-8/debian/tang.postinst	2023-07-08 12:41:29.000000000 +0200
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+set -e
+
+case "$1" in
+    configure)
+        # assert restrictive permissions on the key directory
+        chmod 0750 /var/db/tang
+        ;;
+    abort-upgrade | abort-remove | abort-deconfigure) ;;
+
+    *)
+        echo "postinst called with unknown argument '$1'" >&2
+        exit 1
+        ;;
+esac
+
+#DEBHELPER#
+exit 0
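Review bot: the chmod 0750 /var/db/tang in the configure branch runs unconditionally under set -e, so postinst fails when the directory has been removed or relocated, and it loosens the mode again on every configure if an administrator had tightened it to 0700. Guard it with [ -d /var/db/tang ] and consider restricting it to upgrades from versions before 8-3+deb11u2 via dpkg --compare-versions "$2". It also leaves the modes of key files already inside the directory unchanged.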
