COMMAND
delegate
SYSTEMS AFFECTED
Those running delegate
PROBLEM
Olaf Seibert found the following. Delegate is a multi-protocol proxy
daemon (ftp, http, telnet, etc.). Olaf noticed that it creates
lots of files and directories in the DGROOT directory that are
writable by everybody (NetBSD was the testing platform). This was the
configuration:
-P21
SERVER=ftp://ftp.[removed]
PERMIT=[removed]
DGROOT=/tmp/delegate
OWNER=delegate
Delegate is started from inetd.conf:
ftp stream tcp wait delegate /usr/local/bin/delegated
/usr/local/bin/delegated +=/etc/delegated.conf
Output of ls -alR /tmp/delegate:
total 14
drwxrwxrwx 7 delegate wheel 512 Jun 30 16:01 .
drwxrwxrwt 4 root wheel 512 Jun 30 16:07 ..
drwxrwxrwx 5 delegate wheel 512 Jun 30 16:01 act
drwxrwxrwx 3 delegate wheel 512 Jun 30 16:01 etc
drwxrwxrwx 3 delegate wheel 512 Jun 30 16:01 log
drwxr-xr-x 3 delegate wheel 512 Jun 30 16:06 tmp
drwxrwxrwx 2 delegate wheel 512 Jun 30 16:06 work
[lots removed]
delegate/tmp/resolvy/ab3f2cfb31e801face8fa9c06c38ab4b/byname:
total 8
drwxrwxrwx 2 delegate wheel 512 Jun 30 16:01 .
drwxrwxrwx 4 delegate wheel 512 Jun 30 16:01 ..
-rw-rw-rw- 1 delegate wheel 50 Jun 30 16:01 09
-rw-rw-rw- 1 delegate wheel 49 Jun 30 16:01 12
This is of course not good from a security viewpoint: any local
user can modify, replace or delete these cache, log and working
files. Another thing: if you start delegate as root and it changes
to another user, some of these directories are created as root, and
later delegate claims it cannot create some other files.
SOLUTION
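No official fix yet. What follows is an unofficial patch for
delegate 5.9.1. The patch changes mode 777 -> 775 (and 666 -> 664
for files), and the "OWNER=delegate/delegate" option is set for
delegated. Group write access remains, so the group named in OWNER
should contain only trusted accounts. The latest delegate version
is 5.9.3.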
diff -ur -x *.[oa] -x *.exe -x *.go delegate5.9.1.org/rary/file.c delegate5.9.1/rary/file.c
--- delegate5.9.1.org/rary/file.c Mon Mar 15 18:33:28 1999
+++ delegate5.9.1/rary/file.c Thu Apr 15 09:56:29 1999
@@ -372,7 +372,7 @@
tmpdir = "/tmp";
}
if( !fileIsdir(tmpdir) )
- mkdir(tmpdir,0777);
+ mkdir(tmpdir,0775);
if( path == NULL )
path = pathb;
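Review bot: The new `mkdir(tmpdir,0775)` still ignores its return value, and the surrounding `if( !fileIsdir(tmpdir) )` accepts any directory that already exists, so when `tmpdir` has fallen back to the world-writable `/tmp` shown in the context line, nothing confirms the directory belongs to the running account. A scratch directory rarely needs group access; `mkdir(tmpdir,0700)` plus an `lstat()` check that the result is a directory owned by the current uid would be the tighter form. The mode given to `mkdir` is also still filtered by the process umask, unlike the mkdir-then-chmod pattern used in rescache.c. The enclosing function starts and ends outside this hunk.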
diff -ur -x *.[oa] -x *.exe -x *.go delegate5.9.1.org/resolvy/rescache.c delegate5.9.1/resolvy/rescache.c
--- delegate5.9.1.org/resolvy/rescache.c Mon Jan 11 03:47:49 1999
+++ delegate5.9.1/resolvy/rescache.c Thu Apr 15 09:57:43 1999
@@ -65,8 +65,8 @@
if( fp == NULL && *mode != 'r' ){
mkdir(tmpdir,0755);
- if( mkdir(cdirs,0777) == 0 ) chmod(cdirs,0777);/*ignore umask*/
- if( mkdir(cdirg,0777) == 0 ){chmod(cdirg,0777);
+ if( mkdir(cdirs,0775) == 0 ) chmod(cdirs,0775);/*ignore umask*/
+ if( mkdir(cdirg,0775) == 0 ){chmod(cdirg,0775);
RES_getconf(conf);
sprintf(idfile,"%s/config",cdirg);
cfp = fopen(idfile,"w");
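Review bot: The tightened mode is applied only when `mkdir()` succeeds, so `cdirs` and `cdirg` here, and `cdir1` in the next hunk, keep their old 0777 mode if they already exist from a run of the unpatched binary: `mkdir` fails on the existing directory and the `chmod(...,0775)` is skipped. Either the upgrade notes should say that an existing DGROOT tree must be re-chmodded by hand, or the code should `stat()` the existing directory and correct the mode when it is wider than 0775. The result of `chmod` is not checked either, so a failed mode change goes unnoticed. The block continues outside the hunk.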
@@ -81,7 +81,7 @@
fputs(conf,cfp);
fclose(cfp);
}
- if( mkdir(cdir1,0777) == 0 ) chmod(cdir1,0777);
+ if( mkdir(cdir1,0775) == 0 ) chmod(cdir1,0775);
if( (fp = fopen(cpath,mode)) == NULL ){
cache_cantopen = time(0);
@@ -89,7 +89,7 @@
}
}
if( fp != NULL && *mode != 'r' )
- chmod(cpath,0666);
+ chmod(cpath,0664);
return fp;
}
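Review bot: `chmod(cpath,0664)` operates on the path after `fopen()` has already returned, so the mode is set on whatever the path names at that moment rather than on the file that was opened; `fchmod(fileno(fp),0664)` would bind the change to the open file. The return value is ignored, so a failed mode change is silent. The same path-based `chmod(cpath,0664)` follows the `rename()` in the hunk at -184, where setting the mode on `newpath` before the rename would avoid exposing the file under its final name with the old mode. The function begins outside this hunk.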
@@ -184,7 +184,7 @@
debug(DBG_FORCE,"CACHE cant del.? %s\n",cpath);
if( rename(newpath,cpath) == 0 ){
debug(DBG_ANY,"CACHE truncated %s\n",cpath);
- chmod(cpath,0666);
+ chmod(cpath,0664);
}
if( unlink(newpath) == 0 )
debug(DBG_FORCE,"CACHE salvaged %s\n",newpath);
diff -ur -x *.[oa] -x *.exe -x *.go delegate5.9.1.org/src/cache.c delegate5.9.1/src/cache.c
--- delegate5.9.1.org/src/cache.c Fri Jul 10 18:22:56 1998
+++ delegate5.9.1/src/cache.c Thu Apr 15 09:54:02 1999
@@ -174,7 +174,7 @@
if( dp = strrchr(file,'/') ){
*dp = 0;
- mkdirR(file,0777);
+ mkdirR(file,0775);
*dp = '/';
}
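Review bot: The literal `0775` is now repeated at every `mkdirR`/`linkR`/`renameR` call site this patch touches (cache.c, delegated.c, editconf.c, log.c, nntp.c, uns.c), while rescache.c already uses a different value, `0755`, for `tmpdir`. A single named constant in a shared header, for example `#define DG_DIRMODE 0775` (name is a suggestion), would make the permission policy auditable in one place and let a site tighten it without another nine-file patch. The result of `mkdirR(file,0775)` is also unchecked here, whereas editconf.c tests the same call against 0. The enclosing function is not visible in the hunk.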
@@ -731,7 +731,7 @@
fclose(cachefp);
if( gotok ){
- if( renameR(xcpath,cpath,0777) == 0 )
+ if( renameR(xcpath,cpath,0775) == 0 )
sv1log("CACHE: got = [%d] %s\n",size,cpath);
else sv1log("CACHE: can't link %s => %s\n",cpath,xcpath);
}else{
diff -ur -x *.[oa] -x *.exe -x *.go delegate5.9.1.org/src/delegated.c delegate5.9.1/src/delegated.c
--- delegate5.9.1.org/src/delegated.c Mon Mar 15 19:18:15 1999
+++ delegate5.9.1/src/delegated.c Thu Apr 15 09:54:16 1999
@@ -3473,7 +3473,7 @@
fprintf(stderr,"WORKDIR=%s\n",wdir);
}
- mkdirR(wdir,0777);
+ mkdirR(wdir,0775);
getcwd(cwd,sizeof(cwd));
originWD = strdup(cwd);
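Review bot: `mkdirR(wdir,0775)` is unchecked, and so is the `getcwd()` on the following line, so a WORKDIR that could not be created is only discovered later. Whether this runs before or after the switch to the OWNER account cannot be determined from the hunk; if it runs before, the directory is created by root with mode 0775 and the delegate user can write to it only through group membership, which would match the "cannot create some other files" symptom described in the advisory text. Checking the result, and creating WORKDIR after the uid/gid change or handing it to the target owner with `chown()`, would cover that case. The enclosing function extends beyond the hunk in both directions.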
diff -ur -x *.[oa] -x *.exe -x *.go delegate5.9.1.org/src/editconf.c delegate5.9.1/src/editconf.c
--- delegate5.9.1.org/src/editconf.c Tue Oct 6 15:51:05 1998
+++ delegate5.9.1/src/editconf.c Thu Apr 15 09:55:18 1999
@@ -370,7 +370,7 @@
fprintf(stderr,"#### %s\n",msg);
YesOrNo(stderr,stdin,"#### Create Cachedir",yn);
if( yn[0] == 'y' )
- if( mkdirR(sdir,0777) == 0 ){
+ if( mkdirR(sdir,0775) == 0 ){
fprintf(stderr,"#### Created: %s\n",sdir);
sv1log("#### CACHEDIR created: %s\n",sdir);
return 0;
diff -ur -x *.[oa] -x *.exe -x *.go delegate5.9.1.org/src/log.c delegate5.9.1/src/log.c
--- delegate5.9.1.org/src/log.c Mon Mar 15 19:39:35 1999
+++ delegate5.9.1/src/log.c Thu Apr 15 09:55:35 1999
@@ -410,7 +410,7 @@
loglog("AGEFILE(%x,%s,%s,%s,%s) %d\n",ofp,file,current,mode,tmpdir,was_active);
unlink(current);
- linkR(file,current,0777); /* should use symbolic link ? */
+ linkR(file,current,0775); /* should use symbolic link ? */
REOPEN:
nfp = fopen(file,mode);
diff -ur -x *.[oa] -x *.exe -x *.go delegate5.9.1.org/src/nntp.c delegate5.9.1/src/nntp.c
--- delegate5.9.1.org/src/nntp.c Fri Mar 5 17:08:41 1999
+++ delegate5.9.1/src/nntp.c Thu Apr 15 09:55:57 1999
@@ -5266,7 +5266,7 @@
if( 0 < xsize ){
sprintf(apath1,"%s#",apath);
- if( linkR(xapath,apath1,0777) != 0 ){
+ if( linkR(xapath,apath1,0775) != 0 ){
sv1log("#### linkR(%s,%s) failed(%d).\n",
xapath,apath1,errno);
return afp;
@@ -5295,7 +5295,7 @@
}else{
if( xsize == 0 )
unlink(xapath);
- linkR(apath,xapath,0777);
+ linkR(apath,xapath,0775);
sv1log("LINKED-2 [%s] from [%s]\n",apath,xapath);
}
diff -ur -x *.[oa] -x *.exe -x *.go delegate5.9.1.org/src/uns.c delegate5.9.1/src/uns.c
--- delegate5.9.1.org/src/uns.c Tue Aug 4 22:41:29 1998
+++ delegate5.9.1/src/uns.c Thu Apr 15 09:56:11 1999
@@ -165,7 +165,7 @@
if( dp = strrpbrk(dir,"/\\") )
*dp = 0;
if( !fileIsdir(dir) ){
- mkdirR(dir,0777);
+ mkdirR(dir,0775);
if( !fileIsdir(dir) )
errlog("bind_un: cannot mkdir %s\n",dir);
}