Re: Bug#832908: mongodb: CVE-2016-6494: world-readable .dbshell history file: LTS update and upgrade handling
Hi
Maybe. However, if someone is added to a user's group, that should really mean that they should at least be able to read things, even though they may not be able to write to stuff. So I actually think bash and others do the wrong thing here.
The way I have done it is also more in line with upstream opinion, even though upstream thinks it is ok even for anyone to read this file.
A new, simplified version with better comments is attached to this mail.
Best regards
// Ola
Description: World readable dbshell log file
This correction makes sure the ~/.dbshell log file is not world readable.
.
mongodb (1:2.0.6-1+deb7u1) wheezy-security; urgency=high
.
* Non-maintainer upload by the Long Term Security Team.
* Make sure dbshell log file is not readable by others
CVE-2016-6494 (Closes: #832908).
Author: Ola Lundqvist <opal@debian.org>
Origin: other
Bug: https://jira.mongodb.org/browse/SERVER-25335
Bug-Debian: https://bugs.debian.org/832908
Forwarded: no
Reviewed-By: Ola Lundqvist <opal@debian.org>
Last-Update: 2016-08-01
Index: mongodb-2.0.6/third_party/linenoise/linenoise.cpp
===================================================================
--- mongodb-2.0.6.orig/third_party/linenoise/linenoise.cpp 2012-06-04 13:42:54.000000000 +0000
+++ mongodb-2.0.6/third_party/linenoise/linenoise.cpp 2016-08-02 22:28:13.094657162 +0000
@@ -104,11 +104,13 @@
#include <termios.h>
#include <unistd.h>
+#include <fcntl.h>
#include <stdlib.h>
#include <stdio.h>
#include <errno.h>
#include <string.h>
#include <stdlib.h>
+#include <sys/stat.h>
#include <sys/types.h>
#include <sys/ioctl.h>
#include <unistd.h>
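Review bot: `<fcntl.h>` is added in this hunk but nothing in the hunks below uses `open()`, `fcntl()` or any `O_*` flag; `umask()`, `stat()`, `chmod()` and `S_IRWXO` all come from `<sys/stat.h>`, the other new include. Drop the `fcntl.h` line unless the file is going to be created with `open(filename, O_WRONLY|O_CREAT|O_TRUNC, 0600)` plus `fdopen()`, which would actually be the cleaner way to get a fixed mode on creation. Unrelated but visible here: `<stdlib.h>` and `<unistd.h>` are each included twice in this block.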
@@ -799,6 +801,11 @@
/* Save the history in the specified file. On success 0 is returned
* otherwise -1 is returned. */
int linenoiseHistorySave(const char *filename) {
+ mode_t prev_mask = umask(0022);
+ // Make sure this file is not readable by others, but honor
+ // the umask for user and group permissions.
+ // CVE-2016-6494
+ umask(prev_mask | S_IRWXO);
FILE *fp = fopen(filename,"w");
int j;
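Review bot: `umask(0022)` is only there to read the previous mask, but it sets the process-wide mask to 0022 until the following `umask(prev_mask | S_IRWXO)` call, so a shell user whose mask was stricter (077 is common) briefly runs looser, and any other thread creating a file in that window inherits 0022. `umask` has no read-only form, so the usual idiom is a single call that can only tighten: `mode_t prev_mask = umask(0077);` (group loses read too, but the window never goes more permissive than the caller had), or avoid the mask altogether and create the file with `open(..., O_CREAT|O_WRONLY|O_TRUNC, 0600)` and `fdopen()`. Note also that the umask only applies at creation: `fopen(filename, "w")` truncates an already-existing world-readable `.dbshell` without changing its mode, so this hunk alone does not repair a history file written by the unpatched shell.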
@@ -808,6 +815,8 @@
fprintf(fp,"%s\n",history[j]);
}
fclose(fp);
+ // return umask as it was before
+ umask(prev_mask);
return 0;
}
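Review bot: the restoring `umask(prev_mask)` sits after `fclose(fp)`, i.e. only on the success path; the comment on this function says -1 is returned on failure, and that failure path (after `fopen`, before this hunk) never reaches the restore, leaving `S_IRWXO` masked for the rest of the process. Since the mask only matters at file creation, restore it right after the `fopen()` call and before any return: `FILE *fp = fopen(filename, "w"); umask(prev_mask);`.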
@@ -817,6 +826,15 @@
* If the file exists and the operation succeeded 0 is returned, otherwise
* on error -1 is returned. */
int linenoiseHistoryLoad(const char *filename) {
+ struct stat fileStat;
+ if (stat(filename,&fileStat) < 0) return -1;
+ if (fileStat.st_mode & S_IRWXO) {
+ // If the file is world readable, writeable or executable
+ // make sure it is not but keep all other permissions.
+ // CVE-2016-6494
+ chmod(filename, fileStat.st_mode & 0777770);
+ }
+
FILE *fp = fopen(filename,"r");
char buf[LINENOISE_MAX_LINE];
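Review bot: `chmod(filename, fileStat.st_mode & 0777770)` has three problems. The literal `0777770` is hard to audit and also forwards the file-type bits (`S_IFMT`) from `st_mode` into `chmod`, whose behaviour for non-permission bits is unspecified by POSIX; state the intent directly with `chmod(filename, fileStat.st_mode & 07777 & ~S_IRWXO)`. The return value of `chmod` is ignored, so if it fails (file owned by another user, read-only filesystem) the shell silently goes on reading a still world-accessible history; at least return -1 or warn. And `stat()`, `chmod()` and `fopen()` all operate on the path, so the target can be swapped between calls and `stat` follows symlinks, meaning the `chmod` may land on whatever the link points at rather than the file that is then read. Open first and use `fstat(fileno(fp), &fileStat)` and `fchmod(fileno(fp), ...)` so check and fix apply to the same inode as the read.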