From sheldonh@axl.seasidesoftware.co.za  Thu Apr  4 01:03:11 2002
Return-Path: <sheldonh@axl.seasidesoftware.co.za>
Received: from axl.seasidesoftware.co.za (axl.seasidesoftware.co.za [196.31.7.201])
	by hub.freebsd.org (Postfix) with ESMTP id BBE7837B417
	for <FreeBSD-gnats-submit@freebsd.org>; Thu,  4 Apr 2002 01:03:09 -0800 (PST)
Received: from sheldonh (helo=axl.seasidesoftware.co.za)
	by axl.seasidesoftware.co.za with local-esmtp (Exim 3.33 #1)
	id 16t3Cb-0004vC-00
	for FreeBSD-gnats-submit@freebsd.org; Thu, 04 Apr 2002 11:06:41 +0200
Message-Id: <18921.1017911201@axl.seasidesoftware.co.za>
Date: Thu, 04 Apr 2002 11:06:41 +0200
From: Sheldon Hearn <sheldonh@starjuice.net>
Sender: Sheldon Hearn <sheldonh@axl.seasidesoftware.co.za>
Reply-To: Sheldon Hearn <sheldonh@starjuice.net>
To: FreeBSD-gnats-submit@freebsd.org
Subject: [PATCH] newsyslog ownership race condition
X-Send-Pr-Version: 3.2

>Number:         36738
>Category:       bin
>Synopsis:       [PATCH] newsyslog ownership race condition
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    sheldonh
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Apr 04 01:10:01 PST 2002
>Closed-Date:    Tue Apr 16 06:01:22 PDT 2002
>Last-Modified:  Tue Apr 16 06:01:22 PDT 2002
>Originator:     Sheldon Hearn
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
Seaside Software
>Environment:

	All known versions of FreeBSD (problem existed in rev 1.1 of
	newsyslog.c).

>Description:

	The newsyslog(8) configuration syntax allows for specification
	of the ownership of created files.  However, files are created
	owned by the user running the program.  Ownership is changed
	very soon after, but there is a brief period during which the
	ownership of the file does not match the specification provided
	in the configuration file.

>How-To-Repeat:

	I hit this race condition frequently on a very busy MTA server,
	where MTA processes get "permission denied" trying to write to
	their log file just as it's being rotated by newsyslog(8).

>Fix:

	The following patch solves the problem.  OpenBSD have already
	addressed this problem in their rev 1.26 of newsyslog.c, but
	the scope of that patch is wider, so I include this simple fix
	in case nobody's up to grabbing OpenBSD's patch.

	If nobody steps up to the plate to incorporate the fix from
	OpenBSD, I'll apply my patch some time soon, say in two weeks.
	Let me know if you want to do this but need more than two weeks,
	so we can avoid stepping on each other's toes.

Index: newsyslog.c
===================================================================
RCS file: /home/ncvs/src/usr.sbin/newsyslog/newsyslog.c,v
retrieving revision 1.40
diff -u -d -r1.40 newsyslog.c
--- newsyslog.c	2 Apr 2002 12:03:16 -0000	1.40
+++ newsyslog.c	4 Apr 2002 08:37:45 -0000
@@ -513,6 +513,7 @@
 	char file1[MAXPATHLEN], file2[MAXPATHLEN];
 	char zfile1[MAXPATHLEN], zfile2[MAXPATHLEN];
 	char jfile1[MAXPATHLEN];
+	char tfile[MAXPATHLEN];
 	int notified, need_notification, fd, _numdays;
 	struct stat st;
 	pid_t pid;
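
Review bot: tfile is declared with the same MAXPATHLEN size as the other path buffers, yet it has to hold the log path plus the seven-character ".XXXXXX" suffix appended later in the patch. A log path within seven bytes of MAXPATHLEN leaves the template truncated, and nothing reports it because the strlcpy()/strlcat() return values are not compared against sizeof(tfile). Check the strlcat() result where the template is built and fail with an error on truncation.
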
@@ -644,20 +645,28 @@
 	if (noaction)
 		printf("Start new log...");
 	else {
-		fd = creat(log, perm);
+		strlcpy(tfile, log, sizeof(tfile));
+		strlcat(tfile, ".XXXXXX", sizeof(tfile));
+		mkstemp(tfile);
+		fd = creat(tfile, perm);
 		if (fd < 0)
 			err(1, "can't start new log");
 		if (fchown(fd, owner_uid, group_gid))
 			err(1, "can't chmod new log file");
 		(void) close(fd);
 		if (!(flags & CE_BINARY))
-			if (log_trim(log))	/* Add status message */
+			if (log_trim(tfile))	/* Add status message */
 				err(1, "can't add status message to log");
 	}
 	if (noaction)
 		printf("chmod %o %s...\n", perm, log);
-	else
-		(void) chmod(log, perm);
+	else {
+		(void) chmod(tfile, perm);
+		if (rename(tfile, log) < 0) {
+			err(1, "can't start new log");
+			(void) unlink(tfile);
+		}
+	}
 
 	pid = 0;
 	need_notification = notified = 0;
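
Review bot: the return value of mkstemp(tfile) in the else branch is discarded, so a failure goes unnoticed and the descriptor it opens is never closed, after which creat(tfile, perm) reopens the file by name. Assign fd = mkstemp(tfile), test it for < 0, and set the mode with fchmod(fd, perm) beside the existing fchown(); that removes the need for both the creat() and the later chmod(tfile, perm). In the rename() failure branch, err(1, ...) does not return, so the (void) unlink(tfile) placed after it never runs and the temporary file is left behind; remove the file before reporting the error, saving errno around the unlink().
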
>Release-Note:
>Audit-Trail:

From: Peter Pentchev <roam@ringlet.net>
To: Sheldon Hearn <sheldonh@starjuice.net>
Cc: bug-followup@FreeBSD.org
Subject: Re: bin/36738: [PATCH] newsyslog ownership race condition
Date: Thu, 4 Apr 2002 12:17:39 +0300

 On Thu, Apr 04, 2002 at 11:06:41AM +0200, Sheldon Hearn wrote:
 > 
 > >Number:         36738
 > >Category:       bin
 > >Synopsis:       [PATCH] newsyslog ownership race condition
 > >Originator:     Sheldon Hearn
 > >Environment:
 > 
 > 	All known versions of FreeBSD (problem existed in rev 1.1 of
 > 	newsyslog.c).
 [snip]
 > Index: newsyslog.c
 > ===================================================================
 > @@ -644,20 +645,28 @@
 >  	if (noaction)
 >  		printf("Start new log...");
 >  	else {
 > -		fd = creat(log, perm);
 > +		strlcpy(tfile, log, sizeof(tfile));
 > +		strlcat(tfile, ".XXXXXX", sizeof(tfile));
 > +		mkstemp(tfile);
 
 Minor comment: the two strl*() invocations could be replaced
 with a single snprintf().  Still, I could see how compatibility
 with OpenBSD might be important here, not to speak of the fact
 that an snprintf() might actually prove to be a mite slower :)
 
 Other than that, this looks fine, and useful, too!
 
 G'luck,
 Peter
 
 -- 
 Peter Pentchev	roam@ringlet.net	roam@FreeBSD.org
 PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
 Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
 What would this sentence be like if pi were 3?
State-Changed-From-To: open->closed 
State-Changed-By: sheldonh 
State-Changed-When: Tue Apr 16 06:00:11 PDT 2002 
State-Changed-Why:  
Committed as rev 1.41 and MFC'd as rev 1.25.2.7 in time for 4.6-RELEASE. 


Responsible-Changed-From-To: freebsd-bugs->sheldonh 
Responsible-Changed-By: sheldonh 
Responsible-Changed-When: Tue Apr 16 06:00:11 PDT 2002 
Responsible-Changed-Why:  
My baby. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=36738 
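
The create-then-rename approach described in the report, as an added example (not code from this PR or from the FreeBSD tree): owner and mode are set through the descriptor before the final name exists, so a writer never sees the log under the wrong owner. The helper name start_new_log() and the sample path are assumptions made for illustration.

```c
#include <sys/param.h>
#include <sys/stat.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper: returns 0 on success, -1 with errno set. */
int
start_new_log(const char *path, uid_t uid, gid_t gid, mode_t perm)
{
	char tmp[MAXPATHLEN];
	int fd, n, ok, saved;

	/* Template sits beside the target so rename() is an atomic replace. */
	n = snprintf(tmp, sizeof(tmp), "%s.XXXXXX", path);
	if (n < 0 || (size_t)n >= sizeof(tmp)) {
		errno = ENAMETOOLONG;	/* refuse a truncated template */
		return (-1);
	}
	/* mkstemp() creates the file mode 0600 and returns its descriptor. */
	if ((fd = mkstemp(tmp)) < 0)
		return (-1);
	/* Fix owner and mode on the descriptor, before the name is visible. */
	ok = (fchown(fd, uid, gid) == 0 && fchmod(fd, perm) == 0);
	saved = errno;
	(void)close(fd);
	if (ok && rename(tmp, path) == 0)
		return (0);
	if (ok)
		saved = errno;		/* rename() was the call that failed */
	(void)unlink(tmp);		/* clean up, then report the real error */
	errno = saved;
	return (-1);
}

int
main(void)
{
	/* Constructed sample: a log in the current directory, owned by us. */
	if (start_new_log("example.log", geteuid(), getegid(), 0640) < 0) {
		perror("start_new_log");
		return (1);
	}
	return (0);
}
```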
>Unformatted:
