net/rrdtool: fix for #794 - "rrdtool creates folders/files with arbitrary permissions"

Mon, 04 Dec 2017 02:42:07 -0800 

Hi,

Starting to use collectd, I had trouble when launching the
rc-script for the first time.

Lot of errors of file permissions occured (I ran it unprivilegied). I
investigate the problem, and ends in rrdtool.

There were no errors when collectd was ran as root.

But in both cases, the file permissions are wierd (but not exactly the
same, here when ran as root):

# find /var/collectd -ls
...
233863    4 drwxr-xr-x    2 root     _collectd      512 Dec  4 11:29 
/var/collectd/clyde/interface-bge0
233867  640 ----rw-rw-    1 root     _collectd   295232 Dec  4 11:29 
/var/collectd/clyde/interface-bge0/if_errors.rrd
233868  640 ----rw-rw-    1 root     _collectd   295232 Dec  4 11:29 
/var/collectd/clyde/interface-bge0/if_packets.rrd
233865  640 ----rw-rw-    1 root     _collectd   295232 Dec  4 11:29 
/var/collectd/clyde/interface-bge0/if_octets.rrd
233866    4 d--xrwxrwx    2 root     _collectd      512 Dec  4 11:29 
/var/collectd/clyde/memory
233870  292 ----rw-rw-    1 root     _collectd   148648 Dec  4 11:29 
/var/collectd/clyde/memory/memory-inactive.rrd
...

The issue is known, and is already corrected upstream (but not released).

ISSUE: "Regression: rrdtool creates folders/files with arbitrary permissions"
        https://github.com/oetiker/rrdtool-1.x/issues/794

FIX: "Remove all occurances of umask ... this is NOT thread safe! Fix for #794"
        
https://github.com/oetiker/rrdtool-1.x/commit/f1edd121add94fe69ac22d991748d289b5eb76ae

The following diff is the fix applied on 1.7.0.

I encourage people to check the file permissions of their files,
specially if first usage was done using 1.7.0, as files could be world
readable/writable.

Thanks.
-- 
Sebastien Marie


Index: Makefile
===================================================================
RCS file: /cvs/ports/net/rrdtool/Makefile,v
retrieving revision 1.106
diff -u -p -r1.106 Makefile
--- Makefile    2 Nov 2017 21:51:59 -0000       1.106
+++ Makefile    4 Dec 2017 10:12:25 -0000
@@ -12,7 +12,7 @@ PKGNAME-main= ${DISTNAME}
 PKGNAME-update=        rrdupdate-${VERSION}
 PKGNAME-python= py-rrd-${VERSION}
 PKGNAME-ruby=  ruby${MODRUBY_BINREV}-rrd-${VERSION}
-REVISION-main= 1
+REVISION-main= 2
 REVISION-update= 0
 
 SHARED_LIBS += rrd                  5.2      # 9.0
Index: patches/patch-doc_rrdcreate_pod
===================================================================
RCS file: patches/patch-doc_rrdcreate_pod
diff -N patches/patch-doc_rrdcreate_pod
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-doc_rrdcreate_pod     4 Dec 2017 10:12:25 -0000
@@ -0,0 +1,19 @@
+$OpenBSD$
+Fix for https://github.com/oetiker/rrdtool-1.x/issues/794
+https://github.com/oetiker/rrdtool-1.x/commit/f1edd121add94fe69ac22d991748d289b5eb76ae
+Index: doc/rrdcreate.pod
+--- doc/rrdcreate.pod.orig
++++ doc/rrdcreate.pod
+@@ -743,6 +743,12 @@ divides each PDP of the AccumDuration by the correspon
+ TotalRequests and stores the average request duration. The remainder of the
+ RPN expression handles the divide by zero case.
+ 
++=head1 SECURITY
++
++Note that new rrd files will have the permission 0622 regarless of your
++umask setting. If a file with the same name previously exists, its
++permission settings will be copied to the new file.
++
+ =head1 AUTHORS
+ 
+ Tobias Oetiker E<lt>[email protected]<gt>, Peter Stamfest 
E<lt>[email protected]<gt>
Index: patches/patch-src_rrd_create_c
===================================================================
RCS file: patches/patch-src_rrd_create_c
diff -N patches/patch-src_rrd_create_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_rrd_create_c      4 Dec 2017 10:12:25 -0000
@@ -0,0 +1,56 @@
+$OpenBSD$
+Fix for https://github.com/oetiker/rrdtool-1.x/issues/794
+https://github.com/oetiker/rrdtool-1.x/commit/f1edd121add94fe69ac22d991748d289b5eb76ae
+Index: src/rrd_create.c
+--- src/rrd_create.c.orig
++++ src/rrd_create.c
+@@ -4,6 +4,7 @@
+  * rrd_create.c  creates new rrds
+  
*****************************************************************************/
+ 
++#include "mutex.h"
+ #include <stdlib.h>
+ #include <time.h>
+ #include <locale.h>
+@@ -1313,10 +1314,10 @@ done:
+     return rc;
+ }
+ 
++
+ int write_rrd(const char *outfilename, rrd_t *out) {
+     int rc = -1;
+     char *tmpfilename = NULL;
+-    mode_t saved_umask;
+ 
+     /* write out the new file */
+ #ifdef HAVE_LIBRADOS
+@@ -1341,10 +1342,10 @@ int write_rrd(const char *outfilename, rrd_t *out) {
+       strcpy(tmpfilename, outfilename);
+       strcat(tmpfilename, "XXXXXX");
+       
+-      /* fix CWE-377 */
+-      saved_umask = umask(S_IRUSR|S_IWUSR);
++      /* this is 0600 according to the manual page */
+       int tmpfd = mkstemp(tmpfilename);
+-      umask(saved_umask);
++
++
+       if (tmpfd < 0) {
+           rrd_set_error("Cannot create temporary file");
+           goto done;
+@@ -1377,13 +1378,8 @@ int write_rrd(const char *outfilename, rrd_t *out) {
+                 stat_buf.st_mode = _S_IREAD | _S_IWRITE;  // have to test it 
is 
+ #else
+               /* an error occurred (file not found, maybe?). Anyway:
+-                 set the mode to 0666 using current umask */
+-              stat_buf.st_mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | 
S_IROTH | S_IWOTH;
+-              
+-              mode_t mask = umask(0);
+-              umask(mask);
+-
+-              stat_buf.st_mode &= ~mask;
++                 set the mode to 0644 using current umask */
++              stat_buf.st_mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH;
+ #endif                
+           }
+           if (chmod(tmpfilename, stat_buf.st_mode) != 0) {

Reply via email to