Re: [Linux-PowerEdge] Bug in bootstrap.cgi

Tue, 12 Jan 2021 05:50:29 -0800

This bug is still there over a year later, now at line 124. I discovered it when I ran the script and rkhunter reported the suspicious text file in /dev the next morning. The file contents are the output of the gpg command. The script is linked from this page: 

<https://linux.dell.com/repo/hardware/dsu/>
(Top-posting only because most people aren't going to have the original message from 14 months ago in their local folder to see Paddy's analysis. Please trim if you reply this week.)
--On Friday, October 25, 2019 6:03 PM +0100 Paddy Doyle <[email protected]> wrote: 



[EXTERNAL EMAIL]

Hi,

There's a subtle bug in the bootstrap.cgi script [0] for configuring the
GPG keys for the repos.

There's a non-printable character on line 122, which causes the script
to create a new text file '/dev/nullNON_PRINTABLE_CHARS_HERE'

Basically the bug creates a file that looks like /dev/null but again is
hard to spot:

$ ls -1 /dev/null*
/dev/null
/dev/null 


'ls -Q' can show the strangeness, or 'stat':

$ ls -1Q /dev/null*
"/dev/null"
"/dev/null "

$ stat /dev/null* | grep File
  File: '/dev/null'
  File: '/dev/null '


You can't view the chars easily:

$ sed -n '122p' dell_bootstrap.cgi
    email=$(gpg -v ${GPG_FN} 2>/dev/null  | grep -i @dell.com | sed
's/.*<\(.*\)>.*/\1/')


But with 'od -c' you can see them '302' and '240':

$ sed -n '122p' dell_bootstrap.cgi | od -c
0000000                   e   m   a   i   l   =   $   (   g   p   g
0000020   -   v       $   {   G   P   G   _   F   N   }       2   >   /
0000040   d   e   v   /   n   u   l   l 302 240       |       g   r   e
0000060   p       -   i       @   d   e   l   l   .   c   o   m       |
0000100       s   e   d       '   s   /   .   *   <   \   (   .   *   \
0000120   )   >   .   *   /   \   1   /   '   )  \n
0000133


I'd imagine the bug was the result of a simple text editor snafu.

The "/dev/null " file does no harm, but just in case you want to remove
it you could use something like:

  find /dev -type f -name "null*" -exec mv -vi {} /tmp \;

Paddy

[0] https://linux.dell.com/repo/hardware/dsu/bootstrap.cgi

--
Paddy Doyle
Research IT / Trinity Centre for High Performance Computing,
Lloyd Building, Trinity College Dublin, Dublin 2, Ireland.
Phone: +353-1-896-3725
https://www.tchpc.tcd.ie/



_______________________________________________
Linux-PowerEdge mailing list
[email protected]
https://lists.us.dell.com/mailman/listinfo/linux-poweredge

Reply via email to