From roflipv6@lucy.0x60.org  Fri Mar  6 16:52:06 2009
Return-Path: <roflipv6@lucy.0x60.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 3D0B8106566C
	for <FreeBSD-gnats-submit@freebsd.org>; Fri,  6 Mar 2009 16:52:06 +0000 (UTC)
	(envelope-from roflipv6@lucy.0x60.org)
Received: from lucy.0x60.org (unknown [IPv6:2001:470:1f0a:a6c:dead::1])
	by mx1.freebsd.org (Postfix) with ESMTP id AF3B98FC15
	for <FreeBSD-gnats-submit@freebsd.org>; Fri,  6 Mar 2009 16:52:05 +0000 (UTC)
	(envelope-from roflipv6@lucy.0x60.org)
Received: from lucy.0x60.org (roflipv6@localhost [127.0.0.1])
	by lucy.0x60.org (8.14.2/8.14.2) with ESMTP id n26GtRax083478;
	Fri, 6 Mar 2009 16:55:27 GMT
	(envelope-from roflipv6@lucy.0x60.org)
Received: (from roflipv6@localhost)
	by lucy.0x60.org (8.14.2/8.14.2/Submit) id n26GtRHa083477;
	Fri, 6 Mar 2009 16:55:27 GMT
	(envelope-from roflipv6)
Message-Id: <200903061655.n26GtRHa083477@lucy.0x60.org>
Date: Fri, 6 Mar 2009 16:55:27 GMT
From: Lucio Andrés Illanes Albornoz <l.illanes@gmx.de>
Reply-To: Lucio Andrés Illanes Albornoz <l.illanes@gmx.de>
To: FreeBSD-gnats-submit@freebsd.org
Cc: l.illanes@gmx.de
Subject: {less,more}(1) fchmod(2) `/dev/null' to 0600 under certain conditions
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         132367
>Category:       bin
>Synopsis:       [patch] less(1)/more(1) fchmod(2) `/dev/null' to 0600 under certain conditions
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    delphij
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Mar 06 17:00:11 UTC 2009
>Closed-Date:    Mon Nov 15 18:26:47 UTC 2010
>Last-Modified:  Mon Nov 15 18:26:47 UTC 2010
>Originator:     Lucio Albornoz
>Release:        FreeBSD 7.1-RELEASE i386
>Organization:
>Environment:
System: FreeBSD aynur.local 7.1-RELEASE FreeBSD 7.1-RELEASE #0: Thu Jan  1 14:37:25 UTC 2009     root@logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386
>Description:
{less,more}(1) from the contrib/ tree implement command history saving
which occurs on program exit if the latter has been touched and modified.
Presence of a path name in the `LESSHISTFILE' environment variable pointing
to a file or, in case the variable isn't set or empty, the fallback default
of `${HOME}/.lesshst' (the former overriding the latter), will direct
the program to
1) fchmod(2) the file to 0600 for security reasons, and
2) Save the non-empty command history.
Only `/dev/null' being set in the environment variable will prevent both.
However, if `${HOME}/.lesshst' is a symbolic link pointing to `/dev/null',
then {less,more}(1) running under superuser credentials will render the
null(4) character device file useless for everyone else.

The attached patch introduces special-case semantics for the last case of
the default file name being a symbolic link to `/dev/null' by skipping
command history saving entirely.
>How-To-Repeat:
# ln -sf /dev/null ~/.lesshst
# less -f /dev/null            # Or any other file
/null                          # Or any other command
q
#                              # /dev/null would be 0600'd by now
>Fix:
This here patch, applied within src/usr.bin/less:

--- cmdbuf.c.orig	2009-03-06 16:53:03.151960882 +0100
+++ cmdbuf.c	2009-03-06 17:23:56.884968001 +0100
@@ -1324,6 +1324,8 @@
 	char *home;
 	char *name;
 	int len;
+	char devnull_name[10];
+	size_t devnull_size = sizeof(devnull_name);
 	
	/* See if filename is explicitly specified by $LESSHISTFILE. */
	name = lgetenv("LESSHISTFILE");
@@ -1348,6 +1350,11 @@
	len = strlen(home) + strlen(LESSHISTFILE) + 2;
	name = (char *) ecalloc(len, sizeof(char));
	SNPRINTF2(name, len, "%s/%s", home, LESSHISTFILE);
+
+	if(readlink(name, &(devnull_name[0]), devnull_size) == (devnull_size - 1) &&
+	   strncmp(&(devnull_name[0]), "/dev/null", (devnull_size - 1)) == 0)
+		return (NULL);
+
 	return (name);
 }
 #endif /* CMD_HISTORY */
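Review bot: the new `return (NULL);` leaks `name`, which was allocated by `ecalloc(len, sizeof(char))` three lines earlier; free it before returning. The test itself compares only the link text, so it catches `${HOME}/.lesshst -> /dev/null` but not a relative target, a chain of symbolic links that ends at the device, or any other non-regular file, and because it sits after the default name is built it does not cover a `LESSHISTFILE` value that is such a link. Checking the type of the file that is actually opened and skipping the mode change when it is not a regular file would cover all of these. Smaller points: `readlink()` returns `ssize_t` and is compared against the `size_t` expression `(devnull_size - 1)`, which only works for the -1 error case through unsigned conversion, so cast or store the result first; `&(devnull_name[0])` can be written `devnull_name`; and `if(` should be `if (` to match the surrounding file.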
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->delphij 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Mon Oct 18 10:47:36 UTC 2010 
Responsible-Changed-Why:  
Xin, can you see if this is something you can do with? 

http://www.freebsd.org/cgi/query-pr.cgi?pr=132367 
State-Changed-From-To: open->closed 
State-Changed-By: delphij 
State-Changed-When: Mon Nov 15 18:24:03 UTC 2010 
State-Changed-Why:  
FreeBSD 7-STABLE has a better fix and this has been 
fixed in all other supported branches as well. 

FreeBSD 7.4-RELEASE will include the fix, so close this 
PR. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=132367 
>Unformatted:
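Added example, not part of this PR and not the fix that was committed to FreeBSD: one way to avoid the problem described above is to decide on the opened descriptor, applying fchmod(2) only when fstat(2) reports a regular file, which also covers symlink chains and relative link targets that a comparison of the link text would miss. The names open_history, mode_of and run_case and the scratch directory under /tmp are assumptions made for the demonstration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not code from less(1): set the history file to 0600
 * only if fstat(2) on the opened descriptor reports a regular file. */
int open_history(const char *path)
{
	struct stat st;
	int fd = open(path, O_WRONLY | O_CREAT, 0600);
	if (fd >= 0 && fstat(fd, &st) == 0 && S_ISREG(st.st_mode))
		(void)fchmod(fd, 0600);
	return fd;
}

int mode_of(const char *path)	/* permission bits of the target, -1 on error */
{
	struct stat st;
	return stat(path, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}

/* Constructed scenario: a scratch directory stands in for ${HOME}. kind 0:
 * .lesshst is a symlink to /dev/null; kind 1: it is a 0644 regular file.
 * Returns the target's permission bits after open_history(), -1 on error. */
int run_case(int kind)
{
	char dir[] = "/tmp/lesshst-demo-XXXXXX", path[64];
	int fd, mode;
	if (mkdtemp(dir) == NULL)
		return -1;
	snprintf(path, sizeof(path), "%s/.lesshst", dir);
	if (kind == 0 && symlink("/dev/null", path) != 0)
		return -1;
	if (kind == 1 && ((fd = open(path, O_WRONLY | O_CREAT, 0644)) < 0 ||
	    fchmod(fd, 0644) != 0 || close(fd) != 0))
		return -1;
	mode = (fd = open_history(path)) >= 0 ? mode_of(path) : -1;
	if (fd >= 0)
		close(fd);
	unlink(path);
	rmdir(dir);
	return mode;
}

int main(void)
{
	printf("/dev/null: %04o -> %04o\n", mode_of("/dev/null"), run_case(0));
	printf("regular:   0644 -> %04o\n", run_case(1));
	return 0;
}
```

Writing the history through the link to /dev/null remains harmless; only the mode change is skipped.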
