From frf@xocolatl.com  Wed Jul 24 10:06:20 2002
Return-Path: <frf@xocolatl.com>
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id ECF5A37B400
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 24 Jul 2002 10:06:20 -0700 (PDT)
Received: from mleko.xocolatl.com (xocolatl.com [216.240.48.11])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 9031943E3B
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 24 Jul 2002 10:06:20 -0700 (PDT)
	(envelope-from frf@xocolatl.com)
Received: from mleko.xocolatl.com (localhost [127.0.0.1])
	by mleko.xocolatl.com (8.12.5/8.12.5) with ESMTP id g6OH6KoW090931
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO)
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 24 Jul 2002 10:06:20 -0700 (PDT)
	(envelope-from frf@mleko.xocolatl.com)
Received: (from frf@localhost)
	by mleko.xocolatl.com (8.12.5/8.12.5/Submit) id g6OH6K6k090930;
	Wed, 24 Jul 2002 10:06:20 -0700 (PDT)
	(envelope-from frf)
Message-Id: <200207241706.g6OH6K6k090930@mleko.xocolatl.com>
Date: Wed, 24 Jul 2002 10:06:20 -0700 (PDT)
From: frf <frf@xocolatl.com>
Reply-To: frf <frf@xocolatl.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: periodic security leaves tmp files behind
X-Send-Pr-Version: 3.113
X-GNATS-Notify: ru

>Number:         40960
>Category:       bin
>Synopsis:       periodic security leaves tmp files behind
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    cjc
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jul 24 10:10:04 PDT 2002
>Closed-Date:    Wed Aug 28 14:17:10 PDT 2002
>Last-Modified:  Wed Aug 28 14:17:10 PDT 2002
>Originator:     frf@xocolatl.com
>Release:        FreeBSD 4.6-STABLE i386
>Organization:
>Environment:
System: FreeBSD mleko.xocolatl.com 4.6-STABLE FreeBSD 4.6-STABLE


>Description:
Most of the scripts in /etc/periodic/security use mktemp to create
temp files, and then they go into a case statement to decide if the
body of the script should be run. If the "case" is YES, then the
tempfile is removed at the bottom of the statement. If the "case"
is "not YES", the 'rm -f ${TMP}' is never reached and a zero length
temp file remains behind after the script exits.

>How-To-Repeat:
Change YES to NO for any of the "periodic security" options that
create a temp file

>Fix:
move the TMP=`mktemp` bit inside the case statement (preferred)
duplicate the rm $TMP for the default case
move the rm $TMP outside the case statement
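
The leak described under >Description: and the first and third options
listed under >Fix:, reproduced and then closed, as an added example in
POSIX sh. This is editor-supplied code, not the PR's patch and not
FreeBSD's own periodic scripts; the function names, the "check output"
payload and the scratch directory handed in as $1 are made up for the
demonstration.

```shell
#!/bin/sh
# Added example, not code from this PR or from FreeBSD's periodic scripts.
# It reproduces the leak the report describes and shows two ways to close it.
# Function names, the "check output" payload and the scratch directory passed
# as $1 are made up for the demonstration.

# Number of security.* files left in directory $1 (0 when the glob matches
# nothing: ls fails quietly and wc counts no lines).
count_tmp() {
    ls "$1"/security.* 2>/dev/null | wc -l | tr -d ' '
}

# Shape of the original scripts: mktemp runs before the enable check, and the
# only rm -f lives in the YES arm, so "NO" exits with the file still on disk.
leaky_check() {
    dir=$1; enable=$2
    TMP=$(mktemp "$dir/security.XXXXXXXXXX")
    case "$enable" in
        [Yy][Ee][Ss])
            echo "check output" > "$TMP"
            rm -f "$TMP"
            ;;
        *)
            ;;
    esac
}

# Fix A, the option the report prefers: create the file only inside the YES
# arm.  Also refuse to go on if mktemp fails, so an empty $TMP never becomes a
# redirection target; the status 3 is an arbitrary non-zero value.
fixed_check_inside() {
    dir=$1; enable=$2
    case "$enable" in
        [Yy][Ee][Ss])
            TMP=$(mktemp "$dir/security.XXXXXXXXXX") || return 3
            echo "check output" > "$TMP"
            rm -f "$TMP"
            ;;
        *)
            ;;
    esac
}

# Fix B, the report's "rm outside the case statement" taken one step further:
# keep mktemp where it was, but hand removal to an EXIT trap, so every way out
# (the NO arm, an error, a SIGTERM from periodic's parent) cleans up.  The
# subshell gives the trap a scope that ends when the function returns, and
# the signal trap turns HUP/INT/TERM into an exit so the EXIT trap still runs.
fixed_check_trap() {
    dir=$1; enable=$2
    (
        TMP=$(mktemp "$dir/security.XXXXXXXXXX") || exit 3
        trap 'rm -f "$TMP"' EXIT
        trap 'exit 1' HUP INT TERM
        case "$enable" in
            [Yy][Ee][Ss]) echo "check output" > "$TMP" ;;
            *) ;;
        esac
    )
}

# Run each variant with the option set to NO (the case the report describes)
# and show how many files survive in a private scratch directory.
demo() {
    d=$(mktemp -d "${TMPDIR:-/tmp}/tmpdemo.XXXXXXXXXX") || exit 1
    leaky_check "$d" NO
    n=$(count_tmp "$d")
    echo "leaky_check NO:         $n file(s) left behind"
    rm -f "$d"/security.*
    fixed_check_inside "$d" NO
    fixed_check_trap "$d" NO
    fixed_check_trap "$d" YES
    n=$(count_tmp "$d")
    echo "fixed variants NO/YES:  $n file(s) left behind"
    rm -rf "$d"
}

demo
```

The trap variant goes slightly beyond the three options in the report: it
also covers the error and signal exits that a single rm at the bottom of the
script never reaches, and both fixed variants fail closed when mktemp itself
fails, which is the remaining way to end up with an empty ${TMP} as a
redirection target.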
>Release-Note:
>Audit-Trail:

From: frf <frf@xocolatl.com>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc:  
Subject: Re: bin/40960: periodic security leaves tmp files behind
Date: Wed, 24 Jul 2002 14:29:04 -0700 (PDT)

 Here's a patch...
 
 
 +++ security/100.chksetuid	Wed Jul 24 14:19:44 2002
 @@ -35,12 +35,12 @@
      source_periodic_confs
  fi
  
 -TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX`
  LOG="${daily_status_security_logdir}"
  rc=0
  
  case "$daily_status_security_chksetuid_enable" in
      [Yy][Ee][Ss])
 +	TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX`
  	echo ""
  	echo 'Checking setuid files and devices:'
  	# XXX Note that there is the possibility of overrunning the args to ls
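Review bot: the relocated mktemp line still discards mktemp's exit status, so if the template cannot be created (an unwritable or full ${TMPDIR}) TMP is left empty and the YES arm carries on with it; now that the assignment sits inside the arm it is the natural point to stop instead, e.g.
	TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` || exit 3
(any non-zero status would do; the value is for the maintainer to pick). Separately, the patch carries only +++ headers and no --- lines, so the target path has to be taken from the +++ line alone; plain diff -u output would be easier to check and apply.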
 +++ security/200.chkmounts	Wed Jul 24 14:20:00 2002
 @@ -38,13 +38,13 @@
      source_periodic_confs
  fi
  
 -TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX`
  LOG="${daily_status_security_logdir}"
  ignore="${daily_status_security_chkmounts_ignore}"
  rc=0
  
  case "$daily_status_security_chkmounts_enable" in
      [Yy][Ee][Ss])
 +	TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX`
  	case "$daily_status_security_noamd" in
  	    [Yy][Ee][Ss])
  		ignore="${ignore}|^amd:"
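Review bot: this hunk stops before the rm -f ${TMP} at the bottom of the arm, so the diff alone does not show that the nested daily_status_security_noamd case and everything after it still end inside the [Yy][Ee][Ss]) arm that now owns TMP; please confirm there is no early exit between the moved mktemp and that rm, because with the file created here any such path leaks it again, exactly as the other arms did before the patch.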
 +++ security/500.ipfwdenied	Wed Jul 24 14:20:27 2002
 @@ -39,12 +39,12 @@
      source_periodic_confs
  fi
  
 -TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX`
  LOG="${daily_status_security_logdir}"
  rc=0
  
  case "$daily_status_security_ipfwdenied_enable" in
      [Yy][Ee][Ss])
 +	TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX`
  	if ipfw -a l 2>/dev/null | egrep "deny|reset|unreach" > ${TMP}; then
  	    if [ ! -f ${LOG}/ipfw.today ]; then
  		rc=1
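Review bot: the "> ${TMP}" on the egrep line is where an unchecked mktemp failure bites: with TMP empty the redirection target is the empty string, the shell refuses it, the whole if quietly evaluates false and that day's denied-packet report is skipped, so a status check on the moved mktemp line matters most in this script. While here: the if tests egrep's status, not ipfw's, and ipfw's stderr is already sent to /dev/null, so an ipfw that fails outright looks the same as a day with nothing denied. The same applies to the identical ip6fw block in 600.ip6fwdenied.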
 +++ security/550.ipfwlimit	Wed Jul 24 14:20:40 2002
 @@ -38,11 +38,11 @@
      source_periodic_confs
  fi
  
 -TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX`
  rc=0
  
  case "$daily_status_security_ipfwlimit_enable" in
      [Yy][Ee][Ss])
 +	TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX`
  	IPFW_LOG_LIMIT=`sysctl -n net.inet.ip.fw.verbose_limit 2> /dev/null`
  	if [ $? -eq 0 ] && [ "${IPFW_LOG_LIMIT}" -ne 0 ]; then
  	    ipfw -a l | grep " log " | perl -n -e \
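Review bot: the moved mktemp line sits ahead of the sysctl call rather than between it and the [ $? -eq 0 ] test, which keeps $? bound to sysctl; keep it that way if this gets reshuffled, since placing the assignment after the sysctl line would make $? report mktemp instead and silently disable the verbose_limit check. The same ordering applies to the 650.ip6fwlimit hunk below.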
 +++ security/600.ip6fwdenied	Wed Jul 24 14:20:53 2002
 @@ -38,12 +38,12 @@
      source_periodic_confs
  fi
  
 -TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX`
  LOG="${daily_status_security_logdir}"
  rc=0
  
  case "$daily_status_security_ip6fwdenied_enable" in
      [Yy][Ee][Ss])
 +	TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX`
  	if ip6fw -a l 2>/dev/null | egrep "deny|reset|unreach" > ${TMP}; then
  	    if [ ! -f ${LOG}/ip6fw.today ]; then
  		rc=1
 +++ security/650.ip6fwlimit	Wed Jul 24 14:21:09 2002
 @@ -38,11 +38,11 @@
      source_periodic_confs
  fi
  
 -TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX`
  rc=0
  
  case "$daily_status_security_ip6fwlimit_enable" in
      [Yy][Ee][Ss])
 +	TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX`
  	IP6FW_LOG_LIMIT=`sysctl -n net.inet6.ip6.fw.verbose_limit 2> /dev/null`
  	if [ $? -eq 0 ] && [ "${IP6FW_LOG_LIMIT}" -ne 0 ]; then
  	    ip6fw -a l | grep " log " | perl -n -e \
 +++ security/700.kernelmsg	Wed Jul 24 14:21:17 2002
 @@ -38,12 +38,12 @@
      source_periodic_confs
  fi
  
 -TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX`
  LOG="${daily_status_security_logdir}"
  rc=0
  
  case "$daily_status_security_kernelmsg_enable" in
      [Yy][Ee][Ss])
 +	TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX`
  	if dmesg 2>/dev/null > ${TMP}; then
  	    if [ ! -f ${LOG}/dmesg.today ]; then
  		rc=1
 
 => Thank you very much for your problem report.
 => It has the internal identification `bin/40960'.
 => The individual assigned to look at your
 => report is: freebsd-bugs. 
 => 
 => You can access the state of your problem report at any time
 => via this link:
 => 
 => http://www.freebsd.org/cgi/query-pr.cgi?pr=40960
 => 
 => >Category:       bin
 => >Responsible:    freebsd-bugs
 => >Synopsis:       periodic security leaves tmp files behind
 => >Arrival-Date:   Wed Jul 24 10:10:04 PDT 2002
 => 
 
 -- 
 frf@xocolatl.com   39:FF:7C:52:66:9D:B9:A3  EA:67:3C:7F:D1:B6:30:36	
 
 
 
  Sorry.  I forget what I was going to say.
Responsible-Changed-From-To: freebsd-bugs->cjc 
Responsible-Changed-By: ru 
Responsible-Changed-When: Wed Jul 24 17:43:55 PDT 2002 
Responsible-Changed-Why:  
Crist's babe. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=40960 
State-Changed-From-To: open->patched 
State-Changed-By: cjc 
State-Changed-When: Sat Aug 24 21:09:30 PDT 2002 
State-Changed-Why:  
Fixed in -CURRENT. Will MFC in three days. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=40960 
State-Changed-From-To: patched->closed 
State-Changed-By: cjc 
State-Changed-When: Wed Aug 28 14:16:38 PDT 2002 
State-Changed-Why:  
MFC'ed. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=40960 
>Unformatted:
