Bug#298116: wwwoffle: init.d script won't be able to control wwwoffled if bind-ipv* != localhost

2005-04-07 Thread Paul Slootman
On Sat 05 Mar 2005, Paolo wrote:
> 
> this is somewhat different though closely related to the config/control 
> deadlock reported previously (I guess).
> And, well, I'd raise the rank of this bug to 'grave', as it breaks pkg 
> functionality, and may open security issues: no way to control wwwoffled 
> anymore:

Well, it only happens in a very specific configuration that I guess most
people will never think of, so I'd hesitate to raise the severity beyond
important right now. Nevertheless I'll try to find a fix ASAP.

> [2.8e-1 on Sarge, on same host as wwwoffled ]
>  # wwwoffle -status -p 192.168.0.13:5866
>  [no answer, rc=0]
>  
> [2.7a on Woody, on same host as wwwoffled ]
>  # wwwoffle -status -p 192.168.0.13:5866
>  WWWOFFLE Incorrect Password
> 
> I think the old behaviour is better.
> 
>  # wwwoffle -status -c /etc/wwwoffle/wwwoffle.conf
>  wwwoffle[32337] Warning: Failed to connect socket to 'localhost' port '5866' 
> [Connection refused].
>  wwwoffle[32337] Fatal: Cannot open connection to wwwoffle server localhost 
> port 5866.
> 
>  # wwwoffle -status -c /etc/wwwoffle/wwwoffle.conf -p 192.168.0.13:5866
>  wwwoffle: The '-p' and '-c' options cannot be used together.

Hmm, this looks like a bug that was introduced when making it the
default to read the conf file as standard... I'll look into this today.


> Note that's perfectly reasonable to _not_ bind to 127.0.0.1.

Agreed.

> I don't see any solution at script level. wwwoffle should  just be able
> to do the right thing when given the -c file, though I'd rather have the
> -pwd option, as that's more flexible.

-pwd means that anyone on the system can read the password... Unless you
mean that it should interactively ask the password from the terminal?


> Now the SECURITY issues.
> 
> start with
> #wwwoffle.conf---
>   bind-ipv4 = 0.0.0.0
>   http-port = 5865
>   wwwoffle-port = 5866
>   password = 
> #
> 
> [from remote (allowed) host] 
>  # wwwoffle -status -p 192.168.0.13:5866
>  WWWOFFLE Server Status
>  --
>  Version  : 2.8e
>  State: offline
>  Fetch: inactive
>  Purge: inactive
>  Last-Online  : unknown
>  Last-Offline : unknown
>  Total-Servers: 0
>  Fetch-Servers: 0
> 
> Set a password (pseudo-diff)

I'm assuming this is on the server itself?

> #wwwoffle.conf---
> -  password = 
> +  password = secret
> #
> 
> [from either remote (allowed) host or localhost] 
>  # wwwoffle -config -p 192.168.0.13:5866
>  WWWOFFLE Reading Configuration File.
>  WWWOFFLE Read Configuration File.

Doing this from a remote host means there's also a local wwwoffle.conf,
right? I assume that you have put the right password in there :-)

> [from either remote (allowed) host or localhost] 
>  # wwwoffle -config -p 192.168.0.13:5866
>  WWWOFFLE Reading Configuration File.
>  WWWOFFLE Read Configuration File.
> 
> well, that shouldn't happen as the new config set a pwd; I'm faked into 
> thinking I've set a pwd but actually wwwoffled did not reload the config.
> I need to go restart the init.d script; but if I started with binding to
> other than 0.0.0.0 that wouldn't work either, as wwwoffle won't be able 
> to contact wwwoffled and -kill it, I need to killall wwwoffled, then 
> start the init.d script.

I hope to fix this today.


Paul Slootman





Bug#298116: wwwoffle: init.d script won't be able to control wwwoffled if bind-ipv* != localhost

2005-05-05 Thread Paolo
On Thu, Apr 07, 2005 at 05:39:26PM +0200, Paul Slootman wrote:
[sorry for long delay, msg slipped up above *00 msgs in mutt thread 
view and must have overlooked it]
...
> Well, it only happens in a very specific configuration that I guess most
> people will never think of, so I'd hesitate to raise the severity beyond
> important right now. Nevertheless I'll try to find a fix ASAP.

hmm, ok, provided the quirk is duly documented.

> 
> > [2.8e-1 on Sarge, on same host as wwwoffled ]
> >  # wwwoffle -status -p 192.168.0.13:5866
> >  [no answer, rc=0]
> >  
> > [2.7a on Woody, on same host as wwwoffled ]
> >  # wwwoffle -status -p 192.168.0.13:5866
> >  WWWOFFLE Incorrect Password
> > 
> > I think the old behaviour is better.

well, now (2.8e-2) from a remote host, I get:

~#  wwwoffle -status -p pmab:5867
Can't read from control port (is this host allowed?)

pmab has 

StartUp
{
 bind-ipv4 = 192.168.0.53
 http-port  = 8080
 wwwoffle-port = 5867
...

and I've changed pwd since starting the server. On pmab I get

~# wwwoffle -status -c /etc/wwwoffle/wwwoffle.conf
WWWOFFLE Incorrect Password

hmm... ok, that's because I've put 

AllowedConnectHosts
{
 192.168.0.0/24
}
 
which wwwoffle seems to not understand (or take as a fancy hostname).
Then putting 192.168.0.* I get on remote same 'Incorrect Password' answer.

> >  # wwwoffle -status -c /etc/wwwoffle/wwwoffle.conf -p 192.168.0.13:5866
> >  wwwoffle: The '-p' and '-c' options cannot be used together.
> 
> Hmm, this looks like a bug that was introduced when making it the
> default to read the conf file as standard... I'll look into this today.

this is not resolved yet: if I change pwd in the .conf, I'm still closing
the door with the key on the other side - no way to run wwwoffle -config.

> > Note that's perfectly reasonable to _not_ bind to 127.0.0.1.
> 
> Agreed.

yep, this seems solved. Init script does what's expected in any case.

> > I don't see any solution at script level. wwwoffle should  just be able
> > to do the right thing when given the -c file, though I'd rather have the
> > -pwd option, as that's more flexible.
> 
> -pwd means that anyone on the system can read the password... Unless you
> mean that it should interactively ask the password from the terminal?

well, many programs offer the possibility to pass the pwd on stdin, on 
cmd line, interactively or from file. From terminal would be ok for 
local/remote interactive session, but the other options would be needed
for scripting; yes -pwd on cmd line would normally expose the key, but see
what eg smbmount does, if you put --password=key you won't see the key on
ps ax. A pwd file is handy, perhaps searched in a default location, eg
~/.wwwoffle/passwd like vnc etc., before switching uid.
Anyway the main point here is to break the guaranteed deadlock you have
since 
1) -c / -p aren't allowed together 
2) cannot specify pwd other than in .conf
3) .conf data are not overridden by cmd line opts.
I think ripping out the pwd from the config would be better, like is done 
in rsync etc. as it avoids the chicken-egg dilemma on -config.

> > Set a password (pseudo-diff)
> 
> I'm assuming this is on the server itself?
> 
> > #wwwoffle.conf---
> > -  password = 
> > +  password = secret
> > #

yes

> > 
> > [from either remote (allowed) host or localhost] 
> >  # wwwoffle -config -p 192.168.0.13:5866
> >  WWWOFFLE Reading Configuration File.
> >  WWWOFFLE Read Configuration File.
> 
> Doing this from a remote host means there's also a local wwwoffle.conf,
> right? I assume that you have put the right password in there :-)

not needed, that's the point. When pwd is unset remote can do 
wwwoffle  -p host:port
But that works _even after_ pwd is set/changed on server and -config is
issued and apparently acknowledged. 
There's an asymmetry on server, in that -p works while -c doesn't, so in 
latter case new/set pwd is used while in 1st case it isn't.
At present, it should at least be clearly stated in the docs that
control access credentials are _not_ changed by -config. Actually, at 
present once set they _cannot_ be changed at all and kill/start cycle is 
mandatory.
Finally note a funny situation:

on server set

StartUp
{
 bind-ipv4 = 192.168.0.53
 http-port  = 8080
 wwwoffle-port = 5867
 password = secret
}

restart wwwoffled.
On remote do 

echo '
StartUp
{
 bind-ipv4 = 192.168.0.53
 http-port  = 8080
 wwwoffle-port = 5867
 password = secret
} ' > ~/.wwwoffle

now on server:

~# wwwoffle -config -p pmab:5867
WWWOFFLE Incorrect Password
~# wwwoffle -config -c /etc/wwwoffle/wwwoffle.conf
WWWOFFLE Reading Configuration File.
WWWOFFLE Read Configuration File.

on remote:

~#  wwwoffle -config -p pmab:5867
WWWOFFLE Incorrect Password
~#  wwwoffle -config -c ~/.wwwoffle 
WWWOFFLE Reading Configuration File.
WWWOFFLE Read Configuration File.

Ok, change server pwd in .conf:
...
#wwwoffle.conf---
-  password = secret
+  password = n

Bug#298116: wwwoffle: init.d script won't be able to control wwwoffled if bind-ipv* != localhost

2005-03-05 Thread Paolo
Package: wwwoffle
Version: 2.8e-1
Followup-For: Bug #298116

hello,

this is somewhat different though closely related to the config/control 
deadlock reported previously (I guess).
And, well, I'd raise the rank of this bug to 'grave', as it breaks pkg 
functionality, and may open security issues: no way to control wwwoffled 
anymore:

#wwwoffle.conf---
  bind-ipv4 = 192.168.0.13
  http-port = 5865
  wwwoffle-port = 5866
  password = secret
#
 # wwwoffle -status
 wwwoffle[32335] Warning: Failed to connect socket to 'localhost' port '8081' 
[Connection refused].
 wwwoffle[32335] Fatal: Cannot open connection to wwwoffle server localhost 
port 8081.

[2.8e-1 on Sarge, on same host as wwwoffled ]
 # wwwoffle -status -p 192.168.0.13:5866
 [no answer, rc=0]
 
[2.7a on Woody, on same host as wwwoffled ]
 # wwwoffle -status -p 192.168.0.13:5866
 WWWOFFLE Incorrect Password

I think the old behaviour is better.

 # wwwoffle -status -c /etc/wwwoffle/wwwoffle.conf
 wwwoffle[32337] Warning: Failed to connect socket to 'localhost' port '5866' 
[Connection refused].
 wwwoffle[32337] Fatal: Cannot open connection to wwwoffle server localhost 
port 5866.

 # wwwoffle -status -c /etc/wwwoffle/wwwoffle.conf -p 192.168.0.13:5866
 wwwoffle: The '-p' and '-c' options cannot be used together.

same for any other -command of course - in particular, for the initial 
-config on start from init.d script.
Thus I've closed the door leaving the key on the other side.
/etc/init.d/wwwoffle * won't be able to stop/restart the daemon.

Note that's perfectly reasonable to _not_ bind to 127.0.0.1.

I don't see any solution at script level. wwwoffle should  just be able
to do the right thing when given the -c file, though I'd rather have the
-pwd option, as that's more flexible.


Now the SECURITY issues.

start with
#wwwoffle.conf---
  bind-ipv4 = 0.0.0.0
  http-port = 5865
  wwwoffle-port = 5866
  password = 
#

[from remote (allowed) host] 
 # wwwoffle -status -p 192.168.0.13:5866
 WWWOFFLE Server Status
 --
 Version  : 2.8e
 State: offline
 Fetch: inactive
 Purge: inactive
 Last-Online  : unknown
 Last-Offline : unknown
 Total-Servers: 0
 Fetch-Servers: 0

Set a password (pseudo-diff)
#wwwoffle.conf---
-  password = 
+  password = secret
#

[from either remote (allowed) host or localhost] 
 # wwwoffle -config -p 192.168.0.13:5866
 WWWOFFLE Reading Configuration File.
 WWWOFFLE Read Configuration File.

[from either remote (allowed) host or localhost] 
 # wwwoffle -config -p 192.168.0.13:5866
 WWWOFFLE Reading Configuration File.
 WWWOFFLE Read Configuration File.

well, that shouldn't happen as the new config set a pwd; I'm faked into 
thinking I've set a pwd but actually wwwoffled did not reload the config.
I need to go restart the init.d script; but if I started with binding to
other than 0.0.0.0 that wouldn't work either, as wwwoffle won't be able 
to contact wwwoffled and -kill it, I need to killall wwwoffled, then 
start the init.d script.

-- oopla

-- System Information
Debian Release: [Sarge, other machine]



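An added example, not part of the original thread and not wwwoffle's own code: a small configuration check that flags the three conditions reported in the messages above (a control port bound off-loopback with an empty password, a bind address the client's default 'localhost' cannot reach, and a CIDR entry in AllowedConnectHosts). It assumes the `Section { key = value }` layout quoted in the thread and `#` as the comment character; the function names and sample file are hypothetical.

```python
import ipaddress

# Constructed sample in the layout quoted in the thread (not a real host's file).
SAMPLE_CONF = """\
StartUp
{
 bind-ipv4 = 0.0.0.0
 http-port = 5865
 wwwoffle-port = 5866
 password =
}
AllowedConnectHosts
{
 192.168.0.0/24
}
"""

def parse_sections(text):
    """Return {section name: [body lines]} for 'Name { ... }' blocks."""
    sections, body, name = {}, None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if not line:
            continue
        if line == "{":
            body = sections.setdefault(name, [])
        elif line == "}":
            body = None
        elif body is not None:
            body.append(line)
        else:
            name = line  # a bare line outside braces names the next section
    return sections

def audit(text):
    """Flag the combinations this thread reports as problematic."""
    sections = parse_sections(text)
    startup = {k.strip(): v.strip() for k, _, v in
               (l.partition("=") for l in sections.get("StartUp", []))}
    bind = startup.get("bind-ipv4", "")
    try:
        loopback = ipaddress.ip_address(bind).is_loopback
    except ValueError:
        loopback = bind in ("", "localhost")  # assumption: unset means local only
    findings = []
    if not loopback and not startup.get("password"):
        findings.append("control port reachable off-host with empty password")
    if not loopback and bind != "0.0.0.0":
        findings.append("client default 'localhost' cannot reach the control port")
    for entry in sections.get("AllowedConnectHosts", []):
        if "/" in entry:
            findings.append(f"AllowedConnectHosts '{entry}': CIDR form reported as not matched")
    return findings
```

Running `audit()` on a host's configuration before restarting wwwoffled shows whether the init.d script will still be able to reach the control port afterwards.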