Package: ekeyd
Version: 1.1.1-1
Severity: normal
User: [email protected]
Usertags: origin-ubuntu lucid
Hello,
The empty /etc/entropykey/keyring ships with world-readable permissions.
This isn't a big deal since write_keyring() will fchmod to 0600, but there
is a race between fopen and fchmod:
fh = fopen(fname, "w");
if (fh == NULL) {
        /* Unable to open keyring */
        return -1;
}
fchmod(fileno(fh), 0600);
Since umask isn't set, this means it would get the umask of the admin,
possibly making the well-known tmp file readable long enough for a
malicious local user to keep an fd open and read the contents after the
chmod. (Really unlikely, but still...)
Perhaps something like:
fh = fdopen(open(fname, O_CREAT|O_EXCL|O_WRONLY, 0600), "w");
instead?
-Kees
--
Kees Cook @debian.org
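Added example, not ekeyd's code and not part of the report above: one way to close the fopen/fchmod window in C. Because the package ships an existing (empty, world-readable) /etc/entropykey/keyring, a bare O_CREAT|O_EXCL open would fail on the file that is already there, so this version instead creates a sibling temp file with mkstemp() (O_CREAT|O_EXCL, mode 0600, no umask window), writes and fsyncs the data while only the writer holds that inode, and then rename()s it over the target. A local user who opened the old world-readable file before the swap still holds the old inode, which never receives the new contents. The function names write_keyring_secure, keyring_mode and keyring_read and the path used in main() are assumptions made for this example; the keyring is treated as an opaque byte buffer.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#ifndef PATH_MAX
#define PATH_MAX 4096
#endif

/* Example (hypothetical) replacement for the keyring writer.
 * Writes `len` bytes of `data` to `fname` so that no version of the file
 * is ever readable by other users:
 *  1. mkstemp() creates "<fname>.XXXXXX" with O_CREAT|O_EXCL and mode 0600,
 *     so there is no moment where the new inode is world-readable;
 *  2. the data is written and fsync'd while only this process has the fd;
 *  3. rename() replaces `fname` atomically.
 * Returns 0 on success, -1 on failure with errno set; the temp file is
 * removed on any failure. */
int write_keyring_secure(const char *fname, const void *data, size_t len)
{
    char tmpl[PATH_MAX];
    int n = snprintf(tmpl, sizeof tmpl, "%s.XXXXXX", fname);
    if (n < 0 || (size_t)n >= sizeof tmpl) {
        errno = ENAMETOOLONG;
        return -1;
    }

    int fd = mkstemp(tmpl);          /* O_CREAT|O_EXCL|O_RDWR, mode 0600 */
    if (fd < 0)
        return -1;

    /* mkstemp already uses 0600, but make the intent explicit. */
    if (fchmod(fd, S_IRUSR | S_IWUSR) != 0)
        goto fail;

    const unsigned char *p = data;
    size_t left = len;
    while (left > 0) {
        ssize_t w = write(fd, p, left);
        if (w < 0) {
            if (errno == EINTR)
                continue;
            goto fail;
        }
        p += w;
        left -= (size_t)w;
    }
    if (fsync(fd) != 0)
        goto fail;
    if (close(fd) != 0) {
        fd = -1;
        goto fail;
    }
    fd = -1;

    if (rename(tmpl, fname) != 0)
        goto fail;
    return 0;

fail: {
        int saved = errno;
        if (fd >= 0)
            close(fd);
        unlink(tmpl);
        errno = saved;
        return -1;
    }
}

/* Helper for checking the result: permission bits of `fname` (e.g. 0600),
 * or -1 if it cannot be stat'ed. */
int keyring_mode(const char *fname)
{
    struct stat st;
    if (stat(fname, &st) != 0)
        return -1;
    return (int)(st.st_mode & 07777);
}

/* Helper: read `fname` back into `buf`; returns bytes read or -1. */
ssize_t keyring_read(const char *fname, void *buf, size_t cap)
{
    int fd = open(fname, O_RDONLY);
    if (fd < 0)
        return -1;
    ssize_t r = read(fd, buf, cap);
    close(fd);
    return r;
}

int main(void)
{
    /* Constructed scenario: a pre-existing world-readable empty keyring,
     * as shipped by the package, under an assumed path in /tmp. */
    const char *path = "/tmp/ekeyd_example_keyring";
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0 || fchmod(fd, 0644) != 0 || close(fd) != 0)
        return 1;
    printf("before: mode %04o\n", keyring_mode(path));
    if (write_keyring_secure(path, "secret", 6) != 0) {
        perror("write_keyring_secure");
        return 1;
    }
    printf("after:  mode %04o\n", keyring_mode(path));
    unlink(path);
    return 0;
}
```

The rename step is what makes the pre-existing file harmless: the new secret only ever lives in an inode that was 0600 from creation, and the old inode (the one a local user could have opened while it was 0644) is unlinked, never rewritten.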