Bug 69147

Summary:	sys-apps/portage: Two symlink vulnerabilities in dispatch-conf
Product:	Gentoo Security	Reporter:	Jason Stubbs (RETIRED) <jstubbs>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	dev-portage, ferringb
Priority:	High
Version:	unspecified
Hardware:	All
OS:	All
Whiteboard:	A3 [glsa] jaervosz
Package list:		Runtime testing required:	---
Bug Depends on:	70282
Bug Blocks:	68846

Description Jason Stubbs (RETIRED) gentoo-dev

2004-10-27 08:05:51 UTC

The first vulnerability is due to a hard-coded of /tmp/dispatch-conf.changes. On startup this file is safely moved to dispatch-conf.changes.old if it exists, but a user can create a symlink between that time and when the log is first written to. Fixed it by making it a config option and disabling it by default.

The second vulnerability is created by dispatch-conf's use of "dispatch-conf.$(pidof dispath-conf)" for it's temporary files. Fixed this by safely creating a directory in and doing all work in there instead.

Changes are in CVS and will go out in portage-2.0.51-r3.

Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2004-11-01 14:07:37 UTC

portage team please provide a patched ebuild.

Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2004-11-05 02:53:22 UTC

Using this bug for stable marking.

Arches please do not mark stable directly but test as per Nicholas request below.

Snip form Nicholas aka carpaski on bug #69137 :

portage-2.0.51-r3 (dispatch-conf, sandbox, and dohtml-for-python2.2)

Arches please report back bugs/problems/success rather than
directly bumping for your arch.

Comment 3 Jochen Maes (RETIRED) gentoo-dev

2004-11-05 04:40:50 UTC

i'm running and testing for ppc

Comment 4 Gustavo Zacarias (RETIRED) gentoo-dev

2004-11-05 07:42:16 UTC

testing on sparc, so far so good.

Comment 5 Markus Rothe (RETIRED) gentoo-dev

2004-11-05 12:45:21 UTC

no problems on ppc64 so far...

Markus

Comment 6 Simon Stelling (RETIRED) gentoo-dev

2004-11-05 13:48:45 UTC

looks good so far on amd64

Comment 7 Bryan Østergaard (RETIRED) gentoo-dev

2004-11-05 15:42:40 UTC

Looks good on alpha.

Comment 8 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2004-11-07 03:20:52 UTC

thx carpaski:

[01:43:02] <carpaski> I kicked -r3 into stable.

Removing arches from CC.

Comment 9 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2004-11-07 04:28:49 UTC

Hmmm now dispatch-conf starts failing for me (u option).

Jason will you look into this?


dispatch-conf
diff: extra operand `/etc/piwi/Filters/._cfg0000_High'
diff: Try `diff --help' for more information.

>> (1 of 1) -- /etc/piwi/Filters/High severity.flt
>> q quit, h help, n next, e edit-new, z zap-new, u use-new
   m merge, t toggle-merge, l look-merge:
Traceback (most recent call last):
  File "/usr/sbin/dispatch-conf", line 309, in ?
    d.grind (portage.settings ['CONFIG_PROTECT'])
  File "/usr/sbin/dispatch-conf", line 208, in grind
    self.replace(newconf, conf ['current'])
  File "/usr/sbin/dispatch-conf", line 222, in replace
    os.system((DIFF_CONTENTS % (curconf, newconf)) + '>>' + self.config["log-file"])
AttributeError: dispatch instance has no attribute 'config'

Comment 10 Jason Stubbs (RETIRED) gentoo-dev

2004-11-07 04:51:19 UTC

Yep. Found and fixed.

Comment 11 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2004-11-07 08:10:46 UTC

Thx for the quick fix, you might wanna bump to r4.

This one is ready for GLSA

Comment 12 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2004-11-07 10:51:26 UTC

GLSA 200411-13