[pkg-fetchmail-maint] Bug#452907: .fetchmailrc not permitted to be a symlink

Roger Leigh rleigh at whinlatter.ukfsn.org
Mon Nov 26 21:55:38 UTC 2007


Nico Golde <nion at debian.org> writes:

> Hi Roger,
> * Roger Leigh <rleigh at debian.org> [2007-11-26 12:01]:
>> % fetchmail
>> File /home/rleigh/.fetchmailrc must be a regular file.
>> 
>> % pwd
>> /home/rleigh
>> 
>> % ls -l /home/rleigh/.fetchmailrc
>> lrwxrwxrwx 1 rleigh rleigh 15 2007-11-25 17:14 /home/rleigh/.fetchmailrc -> etc/fetchmailrc
>> 
>> % ls -l /home/rleigh/etc/fetchmailrc
>> -rw------- 1 rleigh rleigh 1057 2005-05-29 13:12 /home/rleigh/etc/fetchmailrc
>> 
>> I keep all my "dotfiles" in /home/rleigh/etc under revision control
>> (git) to allow synchronisation between different systems.  There's
>> no reason why a symlink shouldn't be allowed here (though
>> pipe/device/socket devices etc. are legitimately not useful).
>> 
>> 
>> If this could be fixed and/or forwarded upstream if appropriate, that
>> would be super.
>
> I had a short conversation about this with upstream. I 
> could patch this with:
> --- rcfile_y.y  2007-11-26 13:08:52.000000000 +0100
> +++ rcfile_y.y.new      2007-11-26 13:08:50.000000000 +0100
> @@ -414,7 +414,7 @@
>  
>      if (!securecheck)  return PS_SUCCESS;
>  
> -    if (!S_ISREG(statbuf.st_mode))
> +    if (!S_ISREG(statbuf.st_mode) || !S_ISLNK(statbuf.st_mode))
>      {
>         fprintf(stderr, GT_("File %s must be a regular file.\n"), pathname);
>         return(PS_IOERR);
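Review bot: The condition on the `+` line, `!S_ISREG(statbuf.st_mode) || !S_ISLNK(statbuf.st_mode)`, is true for every file, because a mode cannot be both a regular file and a symlink, so every rcfile would be rejected, plain regular files included; the test needs `&&` instead of `||`. Whether S_ISLNK() can match at all depends on statbuf having been filled by lstat() rather than stat(), and that call is outside this hunk, so it should be confirmed. If symlinks are to be accepted, the "must be a regular file" message in the context line below should be reworded to match.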
>
> But this could introduce some race condition with permission or uid
> checks. This behaviour also prevents symlink attacks :)

I'm not sure I see why, given that this is a config file--we aren't
writing to it, which would be a case for a symlink attack.

I'm unsure why fetchmail doesn't avoid the race altogether, by
open()ing the file first, and then calling fstat().  This is race free
because there's no delay between the stat and the open; the
information is coming straight from the inode of the open fd.

> So we suggest to work around this by either adding a hardlink (if this works with git internals)
> or executing -f - <"${HOME}/.fetchmailrc".

Hardlinking won't work.  The latter is a good idea--I'll try that in
the meantime.


Thanks,
Roger

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux             http://people.debian.org/~rleigh/
 `. `'   Printing on GNU/Linux?       http://gutenprint.sourceforge.net/
   `-    GPG Public Key: 0x25BFB848   Please GPG sign your mail.
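
The open()-then-fstat() ordering described in the message above, as an added C example (not fetchmail's code and not part of the original message). `open_rcfile_checked`, `check_sample` and the `RC_*` codes are hypothetical names, and the owner and mode tests are assumed stand-ins for the "permission or uid checks" the thread mentions; the sample files are constructed in a temporary directory.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum { RC_OK = 0, RC_OPEN = -1, RC_NOTREG = -2, RC_OWNER = -3, RC_PERMS = -4 };

/* Hypothetical helper (not fetchmail code): open, then check the opened inode. */
static int open_rcfile_checked(const char *path, int *fd_out)
{
    struct stat st;
    int rc = RC_OK;
    /* open() follows symlinks; O_NONBLOCK stops a FIFO from hanging the open. */
    int fd = open(path, O_RDONLY | O_NONBLOCK | O_NOCTTY);
    if (fd < 0) return RC_OPEN;
    /* fstat() reports on the inode behind fd, the same one read() will use,
       so nothing can be swapped between the check and the use. */
    if (fstat(fd, &st) != 0) rc = RC_OPEN;
    else if (!S_ISREG(st.st_mode)) rc = RC_NOTREG;   /* dir, FIFO, device, socket */
    else if (st.st_uid != geteuid()) rc = RC_OWNER;  /* target owned by someone else */
    else if (st.st_mode & (S_IRWXG | S_IRWXO)) rc = RC_PERMS; /* group/other access */
    if (rc != RC_OK) { close(fd); return rc; }
    *fd_out = fd;
    return RC_OK;
}

/* Constructed sample: temp dir holding file "rc" (given mode) and symlink "link".
   kind: 0 = check the file, 1 = check via the symlink, 2 = check the directory. */
static int check_sample(mode_t mode, int kind)
{
    char dir[] = "/tmp/rcdemoXXXXXX", file[64], link[64];
    int wfd, rfd = -1, rc = RC_OPEN;
    if (!mkdtemp(dir)) return RC_OPEN;
    snprintf(file, sizeof file, "%s/rc", dir);
    snprintf(link, sizeof link, "%s/link", dir);
    wfd = open(file, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (wfd >= 0 && fchmod(wfd, mode) == 0 && symlink("rc", link) == 0)
        rc = open_rcfile_checked(kind == 2 ? dir : kind ? link : file, &rfd);
    if (wfd >= 0) close(wfd);
    if (rfd >= 0) close(rfd);
    unlink(link); unlink(file); rmdir(dir);
    return rc;
}

int main(void)
{
    printf("0600 via symlink: %d, 0644 via symlink: %d, directory: %d\n",
           check_sample(0600, 1), check_sample(0644, 1), check_sample(0600, 2));
    return 0;
}
```

Because the checks run on the descriptor, a symlinked rcfile is judged by its target's type, owner and mode, and the link itself never needs to be inspected.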