[Pkg-freeipmi-devel] Bug#690040: freeipmi: Build with PIE, bindnow, openfiles with O_EXCL and check return status

Albert Chu chu11 at llnl.gov
Tue Oct 9 22:28:26 UTC 2012 

>   * debian/patches/0002_excel_when_opening_tmp.patch: Open files with
O_EXCL.

Sorry, I think I got confused when I first read this and the code.

Now that I'm looking through the code, the debug data is dumped
to /var/log/ipmiconsole.  It's only when FreeIPMI is being compiled in
debug/developer mode that files are temporarily stored in /tmp.  So we
shouldn't consider the storage of files into /tmp the normal
production/release case.

So I'm even more confused now on the need for O_EXCL.  The production
case is exactly what you'd want.  Files stored into /var/log/ipmiconsole
and already existing is ok.

Al

On Tue, 2012-10-09 at 18:00 -0400, Yaroslav Halchenko wrote:
> On Tue, 09 Oct 2012, Albert Chu wrote:
> > > > Hmmmm. What would be the best thing to do?  I'm actually liking the idea
> > > > of dumping to the current working directory, so that it's the
> > > > responsibility of the developer to know what they are doing with this
> > > > option.
> 
> > > and you are the boss here -- then O_EXCL should still be kinda useful
> > > to preclude those evil acts as far as I see it -- the "developer" might
> > > end up in /tmp after some wonder-abouts ;)
> 
> > > alternatively -- debug output filename could make use of mkstemp to
> > > craft a unique filename
> 
> > Ahhh, never knew of mkstemp before.  I'll have to add that to memory :P
> > I was just thinking of adding a PID to the filename, so the developer
> > knows which run created the debug dumps.
> 
> PIDs are indeed good but considered "not random enough" to prevent such
> types of attacks since the range of available PIDs is quite finite (not
> to say that it could be narrowed down quite a bit).   I think it might
> work if you do not like random names -- if it was e.g.
> 
> ipmiconsole_<PID>_<DATETIMESTAMP>.log
> 
> that would be very descriptive and unlikely to serve as a vector of an
> attack. and it if manages to exist (i.e. with O_EXCL) -- you would
> definitely know that you are under attack ;)
> 
-- 
Albert Chu
chu11 at llnl.gov
Computer Scientist
High Performance Systems Division
Lawrence Livermore National Laboratory

More information about the Pkg-freeipmi-devel mailing list