Bug 108166 - sys-apps/portage: dispatch-conf information leak through log file
Summary: sys-apps/portage: dispatch-conf information leak through log file
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL:
Whiteboard: A4 [noglsa] jaervosz
Keywords:
Depends on:
Blocks:
 
Reported: 2005-10-05 03:57 UTC by TGL
Modified: 2005-10-06 12:52 UTC

See Also:
Package list:
Runtime testing required: ---


Attachments
dispatch-conf--chmod_log_file.patch (952 bytes, patch)
2005-10-05 03:58 UTC, TGL

Description TGL 2005-10-05 03:57:03 UTC
Dispatch-conf (both portage stable and SVN trunk) can include in its log file
some chunks of config that should be hidden from non-root users. Test case is as
follows:

 - install a dummy package with a 0600 /etc/secret_password config file:
=========================================================
# This is your secret, don't show it to users
password="your_password"
=========================================================

 - set your password

 - bump the package with an improved config file:
=========================================================
# This is your secret, don't show it to users
# Oh, and don't update it with dispatch-conf!
password="your_password"
=========================================================

 - update it with dispatch-conf

 - read the 0644 /var/log/dispatch-conf.log file:
=========================================================
--- /etc/secret_password      2005-10-05 12:22:42.000000000 +0200
+++ /etc/._mrg0000_secret_password    2005-10-05 12:23:32.000000000 +0200
@@ -1,2 +1,3 @@
 # This is your secret, don't show it to users
+# Oh, and don't update it with dispatch-conf!
 password="my_secret_password"
=========================================================


The attached patch prevents that by chmoding the log file 0600.

Reproducible: Always
Steps to Reproduce:
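The scenario above boils down to two facts a defender can check mechanically: the log file must never be more readable than the config files whose diffs it records, and the safest way to get there is to create the log with a restrictive mode rather than to chmod it after the fact. The following Python is an added example written for this page; it is not TGL's patch and not portage's dispatch-conf code. It rebuilds the report's test case in a temporary directory (paths, file contents and the hunk are constructed), writes the log with O_CREAT and mode 0600, and audits a log for quoted files that grant fewer read bits than the log itself. The function names `append_log_private`, `find_exposed_files` and `demo` are assumptions of this example.

```python
import os
import re
import stat
import tempfile

# "--- /etc/secret_password<TAB>2005-10-05 ..." is the old-file header of a
# unified diff, the shape dispatch-conf writes to its log (see the report).
_OLD_FILE_RE = re.compile(r"^--- (\S+)")


def append_log_private(log_path, text):
    """Append text to log_path, creating the file 0600 if it does not exist.

    Passing 0o600 to os.open at creation closes the window in which a file
    created with the default mode (0666 & ~umask, usually 0644) is readable
    before a later chmod. An existing log is tightened with fchmod as well.
    Returns the permission bits of the log afterwards.
    """
    fd = os.open(log_path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)
    with os.fdopen(fd, "a") as fh:          # fdopen owns and closes fd
        os.fchmod(fd, 0o600)
        fh.write(text)
    return stat.S_IMODE(os.stat(log_path).st_mode)


def quoted_files(log_path):
    """Return the paths named in '--- ' diff headers found in the log."""
    paths = []
    with open(log_path) as fh:
        for line in fh:
            m = _OLD_FILE_RE.match(line)
            if m:
                paths.append(m.group(1))
    return paths


def find_exposed_files(log_path):
    """Return (config_path, config_mode, log_mode) for each quoted file whose
    group/other read bits are stricter than those of the log quoting it."""
    log_mode = stat.S_IMODE(os.stat(log_path).st_mode)
    exposed = []
    for path in quoted_files(log_path):
        if not os.path.exists(path):
            continue                          # removed since; nothing to compare
        cfg_mode = stat.S_IMODE(os.stat(path).st_mode)
        leaked_bits = (log_mode & ~cfg_mode) & (stat.S_IRGRP | stat.S_IROTH)
        if leaked_bits:
            exposed.append((path, cfg_mode, log_mode))
    return exposed


def demo():
    """Reproduce the report in a temp dir: a 0600 config whose diff lands in
    (a) a 0644 log, as observed in the bug, and (b) a log written by
    append_log_private. Returns both audit results and the fixed log's mode."""
    tmp = tempfile.mkdtemp()
    cfg = os.path.join(tmp, "secret_password")      # stands in for /etc/secret_password
    with open(cfg, "w") as fh:
        fh.write('password="my_secret_password"\n')
    os.chmod(cfg, 0o600)

    # Constructed hunk in the shape shown in the report, pointing at the temp copy.
    hunk = (f"--- {cfg}\t2005-10-05 12:22:42.000000000 +0200\n"
            f"+++ {cfg}.new\t2005-10-05 12:23:32.000000000 +0200\n"
            "@@ -1,1 +1,2 @@\n"
            "+# Oh, and don't update it with dispatch-conf!\n"
            ' password="my_secret_password"\n')

    weak_log = os.path.join(tmp, "dispatch-conf.log")
    with open(weak_log, "w") as fh:                 # default creation mode
        fh.write(hunk)
    os.chmod(weak_log, 0o644)                       # pin the mode the report observed

    fixed_log = os.path.join(tmp, "dispatch-conf-fixed.log")
    fixed_mode = append_log_private(fixed_log, hunk)

    return {
        "weak": find_exposed_files(weak_log),
        "fixed": find_exposed_files(fixed_log),
        "fixed_mode": fixed_mode,
    }


if __name__ == "__main__":
    result = demo()
    for path, cfg_mode, log_mode in result["weak"]:
        print(f"leak: {path} is {cfg_mode:04o} but quoted in a {log_mode:04o} log")
    print(f"fixed log mode: {result['fixed_mode']:04o}, exposed: {result['fixed']}")
```

`find_exposed_files` only compares read bits, which is what matters for a log: a 0644 log quoting a 0600 file is flagged, while a 0600 log quoting anything is not. Because the creation mode is applied by `os.open` itself, the fix holds even if the process is interrupted between creating the log and writing to it.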
Comment 1 TGL 2005-10-05 03:58:14 UTC
Created attachment 69908 [details, diff]
dispatch-conf--chmod_log_file.patch
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2005-10-05 06:10:09 UTC
Current portage stable should be updated with TGL's patch.
Comment 3 Jason Stubbs (RETIRED) gentoo-dev 2005-10-05 08:51:50 UTC
Applied. 2.0.53 is nearing stable (1~2 weeks?) and logging is not enabled by   
default, so I'd prefer to wait... Would that be okay?   
Comment 4 Jason Stubbs (RETIRED) gentoo-dev 2005-10-05 09:15:03 UTC
Never mind... just applied to stable. 2.0.53_rc4 will be out soon and will have 
the fix as well, but need to wait for the mirrors to catch up. 
Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-10-05 09:36:26 UTC
Thx Jason. 
 
This one is ready for GLSA decision. I tend to vote NO. 
Comment 6 Jason Stubbs (RETIRED) gentoo-dev 2005-10-05 10:04:34 UTC
Not quite, but almost. When I meant waiting for the mirrors, I meant that I
need to get the distfile out there before I can commit the ebuild. Hence, arch
should be out soon/already but ~arch will still be a few hours away.
Comment 7 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-10-05 10:11:23 UTC
Arch is what counts, unless Portage is only unstable on some arches:-) Patch  
file was updated in CVS, that is good enough for me.   
Comment 8 Tavis Ormandy (RETIRED) gentoo-dev 2005-10-06 12:31:49 UTC
agree with jaervosz, vote NO
Comment 9 solar (RETIRED) gentoo-dev 2005-10-06 12:36:05 UTC
info leaks are low priority. no vote also.
Comment 10 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-10-06 12:52:23 UTC
Thx for the report TGL. 
 
Closing without GLSA. Feel free to reopen if you disagree.