RE: [patch] make vncpasswd create ~/.vnc if it doesn't exist

Mon, 03 Sep 2001 19:16:27 -0700 

NO! NO! NO! NO!*

Do not EVER trust the environment, particularly when using sprintf() with
bounded arrays! This is how we got into all that locale, xmcd, kerberos,
dtmail (and so on... the list is endless) bother.

Create the directory securely, and test for its existance before you go out
and create it. This is how symlink attacks occur.

The mode of the .vnc directory should be 700 not, 755. There is no reason to
create this directory as 755, as this allows any user to discover the user's
VNC password.

Test the error result, don't just ignore it!

Andrew

* :-) in case you feel that I'm being too harsh. But this is about security,
so I'm being harsh.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Tim Waugh
Sent: Tuesday, 4 September 2001 03:36
To: [EMAIL PROTECTED]
Subject: [patch] make vncpasswd create ~/.vnc if it doesn't exist


Here is a patch that makes vncpasswd create ~/.vnc if it doesn't
exist, rather than failing with a less than obvious error message.

Tim.
*/

--- vnc_unixsrc/vncpasswd/vncpasswd.c.vncuserdir        Tue Aug 17 12:31:42 1999
+++ vnc_unixsrc/vncpasswd/vncpasswd.c   Mon Sep  3 18:09:06 2001
@@ -24,9 +24,12 @@
  *              anyway.
  */

+#include <errno.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <sys/stat.h>
+#include <sys/types.h>
 #include <unistd.h>
 #include "vncauth.h"

@@ -38,6 +41,7 @@
 int main(int argc, char *argv[]) {
   char *passwd;
   char *passwd1;
+  char passwdDir[256];
   char passwdFile[256];
   int i;

@@ -46,7 +50,8 @@
          fprintf(stderr,"Error: no HOME environment variable\n");
          exit(1);
       }
-      sprintf(passwdFile,"%s/.vnc/passwd",getenv("HOME"));
+      sprintf(passwdDir,"%s/.vnc",getenv("HOME"));
+      sprintf(passwdFile,"%s/passwd",passwdDir);

   } else if (argc == 2) {

@@ -78,6 +83,12 @@
     }

     if (strcmp(passwd1, passwd) == 0) {
+      if (mkdir (passwdDir, (S_IRWXU | S_IRGRP | S_IXGRP |
+                            S_IROTH | S_IXOTH)) == -1 &&
+         errno != EEXIST) {
+       perror ("~/.vnc");
+       exit (1);
+      }
       if (vncEncryptAndStorePasswd(passwd, passwdFile) != 0) {
        fprintf(stderr,"Cannot write password file %s\n",passwdFile);
        exit(1);
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to [EMAIL PROTECTED]
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to [EMAIL PROTECTED]
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------

Reply via email to