In regard to: [Networker] possible symlink attack in shutdown script,...:
>I have received the following notice:
>
>the shutdown (nsr_shutdown) script from networker version 6.0 and higher
>contains the following:
This was reported on BugTraq last week. Yes, it's a problem. If you
have NetWorker support, you should call and log a problem with Legato.
Be sure to mention it's a security problem, and it affects every UNIX
client.
Of the security problems I know of with NetWorker, I consider this one
the least worrisome. You can actually fix it yourself, if you want.
Since NetWorker requires a /nsr directory (or symlink), nsr_shutdown could
easily just create its tempfiles under there. Or, the script could be
modified to use a here document, and not use any tempfiles at all.
Either one of these modifications, you can affect.
>zero_worklist()
>{
>[...]
> rm -f /tmp/nsrsh$$
> echo '. type: nsr group' > /tmp/nsrsh$$ # <----------------
> echo 'update work list:; completion:' >> /tmp/nsrsh$$
> nsradmin ${RESFILE} -i - < /tmp/nsrsh$$ > /dev/null 2>&1
> rm -f /tmp/nsrsh$$
>}
>[...]
What happens if you replace that code with
nsradmin ${RESFILE} -i - <<_NSR_HERE_DOC
. type: nsr group
update work list:; completion:
_NSR_HERE_DOC
Tim
--
Tim Mooney mooney AT dogbert.cc.ndsu.NoDak DOT edu
Information Technology Services (701) 231-1076 (Voice)
Room 242-J6, IACC Building (701) 231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164
--
Note: To sign off this list, send a "signoff networker" command via email
to listserv AT listmail.temple DOT edu or visit the list's Web site at
http://listmail.temple.edu/archives/networker.html where you can
also view and post messages to the list.
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
|