I took a peek at the changes in upstream's CVS pointed to by Sam Couter.
As far as I can see, that approach is correct. I modified the 1.214-2
Debian package accordingly. If fact, I changed all calls to MKDIR_CMD to
not use -p. In addition, I had to change things so that firehol_exit
won't remove $FIREHOL_DIR if we didn't create it. This resulted in a few
other changes.
I have attached a patch. Since I don't use firehol myself (I only looked
at the bug because I'm having my very own private bug squashing party),
I didn't test the package extensively, but I did test that the startup
fails if it does not manage to create the temporary directory, and that
it won't remove it if it didn't create it.
Happy hacking, hopefully this patch will be of help.
diff -ru firehol-1.214/debian/changelog firehol-1.214.fixed/debian/changelog
--- firehol-1.214/debian/changelog 2005-02-02 00:27:38.000000000 +0200
+++ firehol-1.214.fixed/debian/changelog 2005-02-02 00:24:55.000000000 +0200
@@ -1,3 +1,13 @@
+firehol (1.214-2.0.liw.1) unstable; urgency=high
+
+ * firehol.sh, firehol-lib.sh: Removed -p parameters from calls to mkdir.
+ This should properly fix the security problem in #291680. Also made
+ sure that the temporary directory is not removed on exit if we did
+ not create it (removing someone else's directories is rude, even
+ if they might be trying to crack the system).
+
+ -- Lars Wirzenius <[EMAIL PROTECTED]> Wed, 2 Feb 2005 00:12:00 +0200
+
firehol (1.214-2) unstable; urgency=high
* Makes wget and curl check fail silently because the normal user
diff -ru firehol-1.214/firehol-lib.sh firehol-1.214.fixed/firehol-lib.sh
--- firehol-1.214/firehol-lib.sh 2005-02-02 00:27:38.000000000 +0200
+++ firehol-1.214.fixed/firehol-lib.sh 2005-02-02 00:23:44.000000000 +0200
@@ -100,7 +100,11 @@
# Make sure we have a directory for our data.
if [ ! -d "${FIREHOL_SPOOL_DIR}" ]
then
- ${MKDIR_CMD} -p "${FIREHOL_SPOOL_DIR}" || exit 1
+ if ! ${MKDIR_CMD} "${FIREHOL_SPOOL_DIR}"
+ then
+ FILEHOL_DIR="/"
+ exit 1
+ fi
fi
# IANA Reserved IPv4 address space
@@ -1538,7 +1542,7 @@
# Externally defined services can be placed in "${FIREHOL_CONFIG_DIR}/services/"
if [ ! -d "${FIREHOL_CONFIG_DIR}/services" ]
then
- "${MKDIR_CMD}" -p "${FIREHOL_CONFIG_DIR}/services"
+ "${MKDIR_CMD}" "${FIREHOL_CONFIG_DIR}/services"
if [ $? -ne 0 ]
then
echo >&2
@@ -1547,6 +1551,7 @@
echo >&2 "Possibly you have a file with this name, or something else is happening."
echo >&2 "Please solve this issue and retry".
echo >&2
+ FILEHOL_DIR="/"
exit 1
fi
"${CHOWN_CMD}" root:root "${FIREHOL_CONFIG_DIR}/services"
diff -ru firehol-1.214/firehol.sh firehol-1.214.fixed/firehol.sh
--- firehol-1.214/firehol.sh 2005-02-02 00:27:38.000000000 +0200
+++ firehol-1.214.fixed/firehol.sh 2005-02-02 00:22:03.000000000 +0200
@@ -47,7 +47,9 @@
echo
fi
- test -d "${FIREHOL_DIR}" && ${RM_CMD} -rf "${FIREHOL_DIR}"
+ test -d "${FIREHOL_DIR}" -a "${FIREHOL_DIR}" != "/" && \
+ ${RM_CMD} -rf "${FIREHOL_DIR}"
+
return 0
}
@@ -57,10 +59,10 @@
#set out umask so that nobody could exploit the tempdir
umask 077
test -d "${FIREHOL_DIR}" && echo "Tempdir already exists. Please remove it before proceeding" && exit 1
-${MKDIR_CMD} -p "${FIREHOL_DIR}"
-test $? -gt 0 && exit 1
+${MKDIR_CMD} "${FIREHOL_DIR}"
+test $? -gt 0 && FIREHOL_DIR="/" && exit 1
-${MKDIR_CMD} -p "${FIREHOL_CHAINS_DIR}"
+${MKDIR_CMD} "${FIREHOL_CHAINS_DIR}"
test $? -gt 0 && exit 1
