[Mono-bugs] [Bug 77340][Maj] Changed - Local user can overwrite arbitrary file using mono-service

bugzilla-daemon at bugzilla.ximian.com
Wed Aug 30 06:13:20 EDT 2006


Please do not reply to this email; if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by joergr at voelcker.com.

http://bugzilla.ximian.com/show_bug.cgi?id=77340

--- shadow/77340	2006-07-31 12:06:56.000000000 -0400
+++ shadow/77340.tmp.13924	2006-08-30 06:13:20.000000000 -0400
@@ -85,6 +85,25 @@
 
 I am aware that -l: can be used to pick a lock location that isn't as
 insecure as /tmp. However, I believe that if the default invocation of
 mono-service opens a security hole (due to reckless usage of /tmp), it
 is something that should be fixed or, at the very least, the openness
 to attacks should be documented in block letters.
+
+------- Additional Comments From JoergR at voelcker.com  2006-08-30 06:13 -------
+Sorry, that I haven't found this bug until now.
+
+Some thoughts about this:
+Would it improve security to open the file using OpenFlags.O_NOFOLLOW?
+This should prevent symlink attacks. Putting the lock file to /var/run
+as default seems also reasonable to me. 
+
+To Alp: The redirection happens to avoid any console output. This
+should run as/like a daemon shouldn't it? Any error messages of
+mono-service go to the system log. When mono-service was still C code
+the forking was done inside the daemon. This was factored out to the
+shell script because it could not be easily done in C#. As someone
+with not much shell scripting experience I don't know what you mean
+with "The
+shell script is a total hack. It's unsupportable and should not ship
+in its current state." Do you have any suggestions for improvement of
+this script?
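
Review bot: The O_NOFOLLOW suggestion in the added comment covers only part of the /tmp problem described in the context lines above it. O_NOFOLLOW makes the open fail when the final path component is a symbolic link, but the open still succeeds on a regular file or hard link that another local user has already placed at the lock path. The comment should state whether the lock file would also be created with O_CREAT together with O_EXCL, so that a pre-existing path of any kind is rejected rather than reused. It should also treat the /var/run default as the main fix rather than an aside, since that takes the lock file out of a world-writable directory, with the -l: option from the context lines left for callers who need a different location.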

