Re: [Cooker] init functions fixes

2002-06-03 Thread Liam R. E. Quin

On Sun, 2002-06-02 at 02:25, Borsenkow Andrej wrote:

 It is not an issue because bash ignores inherited IFS. And I actually
 fail to see how you can do su from malicious terminal unless you _are_
 the malicious person ... in which case if you can do su you can do
 everything.

Scenario: systems administrator comes over to user's terminal, runs
/bin/su or sudo, and runs an init script.  But the user has set up
his environment for just such an eventuality...

As I said, it's a very minor security issue.

 P.S. Could you in future use unified diff please? It is much easier to
 review.

Oops, sorry, will do.

Liam

-- 
Liam Quin - XML Activity Lead, W3C, http://www.w3.org/People/Quin/
Ankh: irc.sorcery.net www.valinor.sorcery.net irc.gnome.org www.advogato.org
Author, Open Source XML Database Toolkit, Wiley August 2000
Co-author: The XML Specification Guide, Wiley 1999; Mastering XML, Sybex 2001








Re: [Cooker] init functions fixes

2002-06-02 Thread Doug McClendon



Liam R. E. Quin wrote:

the security stuff is to
do with unquoted shell variables 

Can you explain, or give me a pointer to a relevant faq/document?  I found the
NCSA Secure Programming Guidelines, and it mentions the IFS thing, but
nothing about quoted vs unquoted variables.  It also fails to mention why
setting IFS is a good thing.

Really I'm just looking to develop good shell scripting style.  So if there
are guidelines on when you should quote things, and when not to (even when
both ways seem to work), I would like to know.  As well as any other similar
techniques.

-dmc

- probably IFS should be set
somewhere, too, for the case where someone does su from a malicious
user's terminal, then runs an init script.

hmm, evolution crashes if I attach a file, I'll paste it... and if
that fails, back to mutt :-)

Liam

  







Re: [Cooker] init functions fixes

2002-06-02 Thread Borsenkow Andrej

On Sun, 02.06.2002, at 10:49, Doug McClendon wrote:
 
 
 Liam R. E. Quin wrote:
 
 the security stuff is to
 do with unquoted shell variables 
 
 Can you explain, or give me a pointer to a relevant faq/document?  I found the
 NCSA Secure Programming Guidelines, and it mentions the IFS thing, but
 nothing about quoted vs unquoted variables.  It also fails to mention why
 setting IFS is a good thing.
 

IFS is used to split results of variable substitution. I.e. if somebody
sets IFS=: and then does

IFS=:
foo=rm:-rf:/
$foo

it will split $foo into separate words and then execute the result ...

all of this is pretty much basic shell programming.

Note that actually SUS V3 recommends that the shell should ignore the IFS
value found in the environment, which is always a good thing. The current
version of bash does it.

 Really I'm just looking to develop good shell scripting style.  So if there
 are guidelines on when you should quote things, and when not to (even when
 both ways seem to work), I would like to know.  As well as any other similar
 techniques.
 
 -dmc
 
 - probably IFS should be set
 somewhere, too, for the case where someone does su from a malicious
 user's terminal, then runs an init script.
 

It is not an issue because bash ignores inherited IFS. And I actually
fail to see how you can do su from malicious terminal unless you _are_
the malicious person ... in which case if you can do su you can do
everything.

-andrej

P.S. Could you in future use unified diff please? It is much easier to
review.
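
Added example, not part of the original thread: a small POSIX shell script that counts the words produced by an unquoted versus a quoted expansion under different IFS values, and shows the related `[ -n $v ]` pitfall that quoting also avoids. All function names and the sample value are constructed for illustration.

```sh
#!/bin/sh
# Added example; every name and value here is constructed.

# Report how many words the caller's expansion produced.
count_args() { echo "$#"; }

# Default IFS (space, tab, newline); the trailing x protects the newline
# from being stripped by command substitution.
DEFAULT_IFS=$(printf ' \t\nx'); DEFAULT_IFS=${DEFAULT_IFS%x}

# Unquoted expansion: the result is split on whatever IFS holds.
# Runs in a subshell so the caller's IFS is untouched.
split_unquoted() { (IFS=$1; v=$2; count_args $v); }

# Quoted expansion: always one word, whatever IFS holds.
split_quoted() { (IFS=$1; v=$2; count_args "$v"); }

# For shells that do not ignore an inherited IFS: set it explicitly
# before the first unquoted expansion.
reset_ifs() { IFS=$DEFAULT_IFS; }

# With an empty unquoted value, [ -n $v ] collapses to [ -n ], a
# one-argument test that is true because "-n" is a non-empty string.
nonempty_unquoted() { v=$1; if [ -n $v ]; then echo yes; else echo no; fi; }
nonempty_quoted()   { v=$1; if [ -n "$v" ]; then echo yes; else echo no; fi; }

sample='status:-v:/var/run/demo.pid'   # constructed value

echo "IFS=':' unquoted : $(split_unquoted : "$sample") words"
echo "IFS=':' quoted   : $(split_quoted : "$sample") word"
echo "default unquoted : $(split_unquoted "$DEFAULT_IFS" "$sample") word"
echo "[ -n \$v ] empty  : $(nonempty_unquoted '')"
echo "[ -n \"\$v\" ] empty: $(nonempty_quoted '')"
```
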




[Cooker] init functions fixes

2002-06-01 Thread Liam R. E. Quin

I was reading through the init scripts functions file and 
noticed some very minor speedups, a bug fix, and some 
relatively obscure security holes - possibly they should go 
back to the maintainers, but I think they may be Mandrake-specific.

Speeding up these scripts seems desirable... the security stuff is to
do with unquoted shell variables - probably IFS should be set
somewhere, too, for the case where someone does su from a malicious
user's terminal, then runs an init script.

hmm, evolution crashes if I attach a file, I'll paste it... and if
that fails, back to mutt :-)

Liam

-- 
Liam Quin - XML Activity Lead, W3C, http://www.w3.org/People/Quin/
Ankh: irc.sorcery.net www.valinor.sorcery.net irc.gnome.org www.advogato.org
Author, Open Source XML Database Toolkit, Wiley August 2000
Co-author: The XML Specification Guide, Wiley 1999; Mastering XML, Sybex 2001

*** pre-liam/functions  2002-05-21 23:46:34.0 -1000
--- functions   2002-05-22 00:27:14.0 -1000
***
*** 11,53 
  #
  # i18n originally by: Arnaldo Carvalho de Melo [EMAIL PROTECTED],
  # Wanderlei Antonio Cavassin
  TEXTDOMAIN=initscripts
  TEXTDOMAINDIR=/etc/locale
  LOCPATH=/etc/locale
- export TEXTDOMAINDIR LOCPATH
  
  # Make sure umask is sane
  umask 022
  
  # First set up a default search path.
! export PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin
  
  # Get a sane screen width
  [ -z ${COLUMNS:-} ]  COLUMNS=80
  
! if [ -z $GP_LANG -a -z $LANGUAGE -a -f /etc/sysconfig/i18n -a -z $NOLOCALE ]; 
then
  . /etc/sysconfig/i18n
! [ -n $LANGUAGE ]  GP_LANG=$LANGUAGE || GP_LANG=$LANG
! if [ ${LANG:-} = ja_JP.eucJP -a `/sbin/consoletype` != pty ]; then
!   unset LANG
  else
export LANG
  fi
- fi
  
- if [ -f /etc/sysconfig/i18n -a -z ${NOLOCALE:-} ] ; then
. /etc/sysconfig/i18n
!   if [ ${LANG:-} = ja_JP.eucJP -a `/sbin/consoletype` != pty ]; then
! unset LANG
!   elif [ ${LANG:-} = ko_KR.eucKR -a `/sbin/consoletype` != pty ]; then
! unset LANG
!   elif [ ${LANG:-} = zh_CN.GB2312 -a `/sbin/consoletype` != pty ]; then
! unset LANG
!   elif [ ${LANG:-} = zh_TW.Big5 -a `/sbin/consoletype` != pty ]; then
  unset LANG
-   else
- export LANG
fi
  fi
  
  # Currently Aurora can only display latin1 text, as it uses an 8bit
--- 11,57 
  #
  # i18n originally by: Arnaldo Carvalho de Melo [EMAIL PROTECTED],
  # Wanderlei Antonio Cavassin
+ 
  TEXTDOMAIN=initscripts
  TEXTDOMAINDIR=/etc/locale
  LOCPATH=/etc/locale
  
  # Make sure umask is sane
  umask 022
  
  # First set up a default search path.
! PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin
! 
! export TEXTDOMAINDIR LOCPATH PATH
! # why is TEXTFOMAIN not exported? - Liam
! 
! TEXTDOMAIN=initscripts
  
  # Get a sane screen width
  [ -z ${COLUMNS:-} ]  COLUMNS=80
  
! if [ -z $NOLOCALE -a -f /etc/sysconfig/i18n ] ; then
! if [ -z $GP_LANG -a -z $LANGUAGE ]; then
. /etc/sysconfig/i18n
!   if [ -n $LANGUAGE ] ; then
!   GP_LANG=$LANGUAGE
else
+   GP_LANG=$LANG
+   fi
+ 
export LANG
  fi
  
  . /etc/sysconfig/i18n
! 
! # only use 16-bit locales on the physical console
! case ${LANG:-} in
! ja_JP.eucJP|ko_KR.eucKR|zh_CN.GB2312|zh_TW.Big5)
!   if [ `/sbin/consoletype` != pty ]; then
unset LANG
fi
+   ;;
+ esac
  fi
  
  # Currently Aurora can only display latin1 text, as it uses an 8bit
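
Review bot: removing the `else` / `export LANG` pair from the old second block changes behaviour. In the new layout `export LANG` sits only inside the inner `if [ -z $GP_LANG -a -z $LANGUAGE ]`, so when either variable is already set, the later `. /etc/sysconfig/i18n` assigns LANG without exporting it unless the caller had already exported it; keep an export for the path where the `case` does not unset LANG. Separately, `TEXTDOMAIN=initscripts` is now assigned twice (before TEXTDOMAINDIR and again after the new export line) and the added comment spells it TEXTFOMAIN; drop the second assignment and fix the spelling.
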
***
*** 60,66 
esac
  fi
  
- 
  # Read in our configuration
  if [ -z ${BOOTUP:-} ]; then
if [ -f /etc/sysconfig/init ]; then
--- 64,69 
***
*** 153,165 
  # Check if $pid (could be plural) are running
  checkpid() {
while [ $1 ]; do
   [ -d /proc/$1 ]  return 0
   shift
done
return 1
  }

- 
  # A function to start a program.
  daemon() {
# Test syntax.
--- 156,168 
  # Check if $pid (could be plural) are running
  checkpid() {
  while [ $1 ]; do
+   # relies on /proc - would it be better to use kill -0? -- Liam
[ -d /proc/$1 ]  return 0
shift
  done
  return 1
  }
  
  # A function to start a program.
  daemon() {
  # Test syntax.
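
Review bot: the comment added inside checkpid asks whether `kill -0` would be better than the /proc test but the code is left unchanged, and the two are not equivalent: `kill -0` also fails for a live process the caller is not permitted to signal, so a switch would need a note that the function assumes root. As shown here `$1` is still unquoted in both `while [ $1 ]` and `[ -d /proc/$1 ]`; since the patch is about unquoted variables, quote both.
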
***
*** 201,206 
--- 204,211 
  [ -z $gotbase ]  base=${1##*/}
  
  # See if it's already running. Look *only* at the pid file.
+ # why? what if it's running but the pidfile was removed? this
+ # seems fragile - Liam
  pid=`pidfileofproc $base`
  
  [ -n ${pid:-} ]  return
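
Review bot: the two comment lines added above the pidfileofproc call pose a question in the file rather than documenting behaviour; raise it on the list, or reword it as a TODO that names the case (daemon running, pid file removed) and the fallback you propose. Also in this hunk, `[ -n ${pid:-} ]` as shown is unquoted: with an empty pid it reduces to `[ -n ]`, which is true, so the function would return even when no pid was found; it needs `"${pid:-}"`.
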
***
*** 309,315 
  
# First try /var/run/*.pid files
if [ -f /var/run/${base}.pid ] ; then
!   read pid  /var/run/${base}.pid
for p in $line ; do
   [ -z ${p//[0-9]/} -a -d /proc/$p ]  pid=$pid $p
done
--- 314,321 
  
  # First try /var/run/*.pid files
  if [ -f