diff options
author | Alexander Naumov <alexander_naumov@opensuse.org> | 2017-02-06 22:50:03 +0100 |
---|---|---|
committer | Alexander Naumov <alexander_naumov@opensuse.org> | 2017-02-06 22:50:03 +0100 |
commit | 1c6d2817926d30c9a7a97d99af7ac5de4a5845b8 (patch) | |
tree | ea4c4c282357ae33d804e0dc288c9105a348e8d4 | |
parent | 6e60d12bb2e587d1af803adf74e68b6c0b3f0dc7 (diff) | |
download | screen-1c6d2817926d30c9a7a97d99af7ac5de4a5845b8.tar.gz |
CVE-2017-5618: secure open/close logfile
bug #50142
Signed-off-by: Alexander Naumov <alexander_naumov@opensuse.org>
-rw-r--r-- | src/ChangeLog | 4 | ||||
-rw-r--r-- | src/screen.c | 23 |
2 files changed, 20 insertions, 7 deletions
diff --git a/src/ChangeLog b/src/ChangeLog index df6073d..929e7f3 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,7 @@ +Version 4.5.1 (XX/02/2017): + *Fixes: + - logfile permissions problem (CVE-2017-5618) + Version 4.5.0 (10/12/2016): * Allow specifying logfile's name via command line parameter '-L' * Fixes: diff --git a/src/screen.c b/src/screen.c index 9e1072a..b03a66d 100644 --- a/src/screen.c +++ b/src/screen.c @@ -109,7 +109,7 @@ # include <shadow.h> #endif /* SHADOWPW */ -#include "logfile.h" /* islogfile, logfflush */ +#include "logfile.h" /* islogfile, logfflush, logfopen/logfclose */ #ifdef DEBUG FILE *dfp; @@ -497,6 +497,11 @@ int main(int ac, char** av) af = AF_UNSPEC; #endif + real_uid = getuid(); + real_gid = getgid(); + eff_uid = geteuid(); + eff_gid = getegid(); + logreopen_register(lf_secreopen); av0 = *av; /* if this is a login screen, assume -RR */ @@ -667,17 +672,25 @@ int main(int ac, char** av) break; case 'L': - if (--ac > 0 && !strcmp(*++av, "logfile")) { + if (--ac > 1 && !strcmp(*++av, "logfile")) { *++av; // Now '*av' is a logfile parameter + --ac; if (strlen(*av) > PATH_MAX) Panic(1, "-L: logfile name too long. (max. %d char)", PATH_MAX); - if (*av[0] == '-') Panic(0, "-L: logfile name can not start with \"-\" symbol"); screenlogfile = SaveStr(*av); } + + struct Log *w_check; + if ((w_check = logfopen(screenlogfile, islogfile(screenlogfile) ? NULL : secfopen(screenlogfile, "a"))) == NULL) + Panic(0, "-L: logfile name access problem"); + else + if (logfclose (w_check)) //logfclose does free() + Panic(0, "-L: logfile is broken..."); + nwin_options.Lflag = 1; break; @@ -787,10 +800,6 @@ int main(int ac, char** av) else break; } - real_uid = getuid(); - real_gid = getgid(); - eff_uid = geteuid(); - eff_gid = getegid(); #ifdef SIGBUS /* OOPS, linux has no bus errors! */ signal(SIGBUS, CoreDump); |