Your message dated Wed, 09 Feb 2005 16:47:14 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#292420: fixed in razor 2.670-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 26 Jan 2005 22:13:04 +0000
>From [EMAIL PROTECTED] Wed Jan 26 14:13:04 2005
Return-path: <[EMAIL PROTECTED]>
Received: from tornado.dat.etsit.upm.es (dat.etsit.upm.es) [138.100.17.73]
by spohr.debian.org with smtp (Exim 3.35 1 (Debian))
id 1CtvPL-0007Xq-00; Wed, 26 Jan 2005 14:13:03 -0800
Received: (qmail 16724 invoked by uid 1013); 26 Jan 2005 22:13:01 -0000
Date: Wed, 26 Jan 2005 23:13:01 +0100
From: Javier =?iso-8859-1?Q?Fern=E1ndez-Sanguino_Pe=F1a?= <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: razor: Insecure /tmp usage
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="z6Eq5LdranGa6ru8"
Content-Disposition: inline
User-Agent: Mutt/1.5.6+20040907i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no
version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
--z6Eq5LdranGa6ru8
Content-Type: multipart/mixed; boundary="9amGYk9869ThD9tj"
Content-Disposition: inline
--9amGYk9869ThD9tj
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Package: razor
Version: 2.610-2
Severity: grave
Tags: security patch sid testing
The use done of files under /tmp by Razor for logging is unsafe and open to
symlink attacks. It would be best if Razor would use safely created=20
temporary files and directories to prevent a local installation from being=
=20
harmed by a rogue user.
I belive the attached patch accounts for all the unsafe usages of /tmp I've
spotted through an audit of the source code. I have not tested it however,
as I don't actually use Razor myself.
BTW the debian/changelog refers to RAZOR_HOME (which says it defaults to=20
/tmp). However the code uses RAZORHOME (as the location of the=20
configuration files and such) and I seem to be unable to find any=20
references to RAZOR_HOME in the code. Is this debian changelog entry=20
correct:
(in 2.400-1)
* Without syslog, razor logs to RAZOR_HOME, which defaults to /tmp.
* I am not going to change the default RAZOR_HOME to /var/log as one
* person requested because people that would not work for individual
* users (no write permission).
Seems to me like all logging is done to /tmp.
Regards
Javier
--9amGYk9869ThD9tj
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="razor-logfiles.diff"
Content-Transfer-Encoding: quoted-printable
diff -Nru razor-2.610.orig/lib/Razor2/Client/Agent.pm razor-2.610/lib/Razor=
2/Client/Agent.pm
--- razor-2.610.orig/lib/Razor2/Client/Agent.pm 2005-01-26 08:48:06.0000000=
00 +0100
+++ razor-2.610/lib/Razor2/Client/Agent.pm 2005-01-26 22:58:37.000000000
+0=
100
@@ -22,6 +22,7 @@
use Razor2::Preproc::Manager;
use Data::Dumper;
use vars qw( $VERSION $PROTOCOL );
+use File::Temp qw/ tempfile tempdir /;
=20
=20
$PROTOCOL =3D $Razor2::Client::Version::PROTOCOL;
@@ -130,7 +131,7 @@
LogPrefix =3D> $self->{breed},
LogTimestamp =3D> 1,
DontDie =3D> 1,
- Log2FileDir =3D> defined($self->{conf}->{tmp_dir=
}) ? $self->{conf}->{tmp_dir} : "/tmp",
+ Log2FileDir =3D> defined($self->{conf}->{tmp_dir=
}) ? $self->{conf}->{tmp_dir} : tempdir (CLEANUP =3D> 1),
);
$self->{logref} =3D ref($logger) ? $logger : 0;
# log error strings at loglevel 11. Pick a high number 'cuz
diff -Nru razor-2.610.orig/lib/Razor2/Logger.pm razor-2.610/lib/Razor2/Logg=
er.pm
--- razor-2.610.orig/lib/Razor2/Logger.pm 2003-12-07 09:49:34.000000000
+01=
00
+++ razor-2.610/lib/Razor2/Logger.pm 2005-01-26 22:57:25.000000000 +0100
@@ -10,6 +10,8 @@
# 2003/09/10 Anne Bennett: syslog of our choice (uses socket,
# does not assume network listener).
use Sys::Syslog;
+# 2005/01/26 Javier Fernandez-Sanguino: use safe temporary directories
+use File::Temp qw/ tempfile tempdir /;
=20
# designed to be inherited module
# but can stand alone.=20
@@ -59,7 +61,7 @@
=20
$self->{LogTimeFormat} ||=3D "%b %d %H:%M:%S"; # formatting from strf=
time()
$self->{LogDebugLevel} =3D exists $self->{LogDebugLevel} ? $self->{L=
ogDebugLevel} : 5;
- $self->{Log2FileDir} ||=3D "/tmp";
+ $self->{Log2FileDir} ||=3D tempdir( CLEANUP =3D> 1 );
=20
# 2002/11/27 Anne Bennett: log this at level 2 so we can set level
# 1 (to get errors only) and avoid this unneeded line.
@@ -121,15 +123,10 @@
return;
}
my $len =3D length($$textref);
- my $fn =3D "$self->{Log2FileDir}/razor.$$.$fn_ext";
-
- if (open OUT, ">$fn") {
- print OUT $$textref;
- close OUT;
- $self->log($prio,"log2file: wrote message len=3D$len to file: $fn"=
);
- } else {
- $self->log($prio,"log2file: could not write to $fn: $!");
- }
+ my $fn =3D tempfile ("razor.XXXXXX", SUFFIX =3D> ".$fn_ext", DIR =3D> =
$self->{Log2FileDir}" or $self->log($prio,"log2file: could create logfile: =
$!");
+ print $fn $$textref;
+ close $fn;
+ $self->log($prio,"log2file: wrote message len=3D$len to file: $fn");
}
=20
1;
diff -Nru razor-2.610.orig/lib/Razor2/Preproc/Manager.pm razor-2.610/lib/Ra=
zor2/Preproc/Manager.pm
--- razor-2.610.orig/lib/Razor2/Preproc/Manager.pm 2003-08-05
20:30:54.0000=
00000 +0200
+++ razor-2.610/lib/Razor2/Preproc/Manager.pm 2005-01-26 23:01:09.000000000=
+0100
@@ -5,6 +5,7 @@
use Razor2::Preproc::deHTML;
use Razor2::Preproc::deNewline;
use Data::Dumper;
+use File::Temp qw/ tempfile /;
use strict;
=20
sub new {
@@ -78,11 +79,10 @@
sub log2file {
my ($self, $msgref, $mailid) =3D @_;
my $len =3D length($$msgref);
- my $fn =3D "/tmp/.razor.debug.msg.$$.$mailid";
- if (open OUT, ">$fn") {
- print OUT $$msgref;
- close OUT;
- } else {
+ my $fh =3D tempfile (".razor.debug.msg.XXXXXX");
+ if ($fh) {
+ print $fh $$msgref;
+ close $fh;
}
}
=20
--9amGYk9869ThD9tj--
--z6Eq5LdranGa6ru8
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFB+BXsi4sehJTrj0oRAokjAJ45BHAut7ioL2gAaQjZd3Ua+qxnZwCg3YJK
UNkOzvvBQuSipkF2+nhKs7g=
=7DZF
-----END PGP SIGNATURE-----
--z6Eq5LdranGa6ru8--
---------------------------------------
Received: (at 292420-close) by bugs.debian.org; 9 Feb 2005 21:53:32 +0000
>From [EMAIL PROTECTED] Wed Feb 09 13:53:32 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Cyzm8-0003Fd-00; Wed, 09 Feb 2005 13:53:32 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1Cyzg2-0006Ec-00; Wed, 09 Feb 2005 16:47:14 -0500
From: Corrin Lakeland <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#292420: fixed in razor 2.670-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Wed, 09 Feb 2005 16:47:14 -0500
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
X-CrossAssassin-Score: 12
Source: razor
Source-Version: 2.670-1
We believe that the bug you reported is fixed in the latest version of
razor, which is due to be installed in the Debian FTP archive:
razor_2.670-1.diff.gz
to pool/main/r/razor/razor_2.670-1.diff.gz
razor_2.670-1.dsc
to pool/main/r/razor/razor_2.670-1.dsc
razor_2.670-1_powerpc.deb
to pool/main/r/razor/razor_2.670-1_powerpc.deb
razor_2.670.orig.tar.gz
to pool/main/r/razor/razor_2.670.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Corrin Lakeland <[EMAIL PROTECTED]> (supplier of updated razor package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 10 Feb 2005 08:30:06 +1300
Source: razor
Binary: razor
Architecture: source powerpc
Version: 2.670-1
Distribution: unstable
Urgency: low
Maintainer: Corrin Lakeland <[EMAIL PROTECTED]>
Changed-By: Corrin Lakeland <[EMAIL PROTECTED]>
Description:
razor - spam-catcher using a collaborative filtering network
Closes: 176013 213227 247057 261506 262765 269723 271809 278981 281098 288558
292181 292420
Changes:
razor (2.670-1) unstable; urgency=low
.
* Lots of changes, mostly upstream fixes meaning we need fewer fixes.
* Upgrade to latest stable release (Closes: #261506)
* Don't include upstream changelogs in debian changes (Closes: #292181)
* Fixed typos (Closes: #288558, #281098)
* RAZOR_HOME is now derived automatically and cannot be manually set.
The logic for deriving it automatically has been improved so you
shouldn't see any problems unless they're trying to do something odd.
I'm going to close the old bug reports about logging to / because
I cannot reproduce them at all with this version
(Closes: #269723, #262765, #247057)
This also fixes the potential security concerns with logging to /tmp
as logging to /tmp should never happen now. (Closes: #292420)
For all users, the default configuration file is
/etc/razor/razor-agent.conf unless this file does not exist.
Any user, including root, can override this default by creating a
file ~/.razor/razor-agent.conf. If the latter file exists, then the
file in /etc will be ignored. Note that this behaviour is different
to previous versions of razor.
* Patches to support tainting have been included upstream and are no longer
applied specifically for debian.
* Mentions syslog in man page (Closes: #278981)
* No known missing dependencies (Closes: #271809) -- reopen if you know any
* Logcheck from <[EMAIL PROTECTED]> is included (Closes #270559).
It has not been enabled by default mostly because razor does not use
syslog by default so I'd rather not rotate a log file that probably does
not exist.
* Better timeouts when the servers are unavailable. This still isn't
totally fixed but I think it is sufficiently fixed to close the bug
reports. To summarise: Networks are unreliable and sometimes cloudmark
will be down, but sometimes it is just slow. Razor waits a while and then
gives up. Some programs get impatient and terminate razor while it is
still waiting. (Closes: #213227, #176013)
Files:
0a1f1dff79e459c9a5efa2e432f8d749 669 mail optional razor_2.670-1.dsc
0118b6030ea261ea85e73a55cc7eac8e 86705 mail optional razor_2.670.orig.tar.gz
f340258b53c038ab73acf715130d16be 10364 mail optional razor_2.670-1.diff.gz
4c726fb7335233bbde84acae2dbed832 117332 mail optional razor_2.670-1_powerpc.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFCCnqXi5A0ZsG8x8cRAkRsAKCVqFV+0O0r/jouA0VY+G6DnXO7UgCfXur1
Zae3m0aFFDpfk6OkpE+/mhw=
=SwcJ
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
