Message-Id: <201004060946.o369kBvo092496@www.freebsd.org>
Date: Tue, 6 Apr 2010 09:46:11 GMT
From: anatoly pugachev <matorola@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: insecure file handling in geoip package
X-Send-Pr-Version: www-3.1
X-GNATS-Notify: dhn@FreeBSD.org

>Number:         145425
>Category:       ports
>Synopsis:       insecure file handling in net/GeoIP
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    scheidell
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Apr 06 09:50:02 UTC 2010
>Closed-Date:    Wed Jul 04 11:23:04 UTC 2012
>Last-Modified:  Wed Jul  4 11:30:11 UTC 2012
>Originator:     anatoly pugachev
>Release:        7.2
>Organization:
>Environment:
FreeBSD host.domain 7.2-STABLE FreeBSD 7.2-STABLE #5: Thu Dec 10 15:57:09 MSK 2009     root@host.domain:/usr/obj/usr/src/sys/IPFGENERIC  amd64

>Description:
Can you please update the file /usr/local/bin/geoipupdate.sh
from the GeoIP-1.4.6 FreeBSD package to handle the downloaded file in a more secure
manner, i.e. with the use of mktemp?

Since this shell script is usually put in cron under the root account, an attacker
can use a Unix symlink attack. Thanks.
>How-To-Repeat:

>Fix:
An example of a new update script:

#!/bin/sh
# Create the download target under an unpredictable name instead of a fixed /tmp path
TMPFILE=`mktemp /tmp/geoip.XXXXXX` || exit 1
# Abort and clean up if the download fails, so a bad fetch does not overwrite the database
fetch -o "$TMPFILE" http://64.246.48.99/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz || { rm -f "$TMPFILE"; exit 1; }
gzip -dc "$TMPFILE" > /usr/local/share/GeoIP/GeoIP.dat
rm -f "$TMPFILE"

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->dhn 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Tue Apr 6 23:13:58 UTC 2010 
Responsible-Changed-Why:  
Fix synopsis and assign. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=145425 
Responsible-Changed-From-To: dhn->pgollucci 
Responsible-Changed-By: pgollucci 
Responsible-Changed-When: Mon Feb 13 01:22:36 UTC 2012 
Responsible-Changed-Why:  
committer&maintainer timeout (dhn ; 678 days) / last commit: 1 days ago 

http://www.freebsd.org/cgi/query-pr.cgi?pr=145425 
Responsible-Changed-From-To: pgollucci->freebsd-ports-bugs 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Fri Jun 22 02:26:49 UTC 2012 
Responsible-Changed-Why:  
With bugmeister hat, return to pool due to assignee ENOTIME. 

Note that this PR was already available for commit via maintainer-timeout. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=145425 
Responsible-Changed-From-To: freebsd-ports-bugs->scheidell 
Responsible-Changed-By: scheidell 
Responsible-Changed-When: Wed Jul 4 01:11:51 UTC 2012 
Responsible-Changed-Why:  
I'll take it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=145425 
State-Changed-From-To: open->feedback 
State-Changed-By: scheidell 
State-Changed-When: Wed Jul 4 01:19:05 UTC 2012 
State-Changed-Why:  
Ask for maintainer approval. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=145425 

From: Michael Scheidell <scheidell@FreeBSD.org>
To: bug-followup@freebsd.org, matorola@gmail.com
Cc:  
Subject: Re: ports/145425: insecure file handling in net/GeoIP
Date: Tue, 3 Jul 2012 21:18:47 -0400 (EDT)

 Anatoly: Sorry this got lost in the shuffle; how do you feel about my solution?
 It uses no tmp files, just pipes.
 It honors the make.conf variable DATADIR anyway.
 (Note: this patch is against version 1.4.8, which was updated since your PR of 2 years ago.)
 
 -- 
 Michael Scheidell, CTO
 SECNAP Network Security Corporation
 http://people.freebsd.org/~scheidell
 
 Index: Makefile
 ===================================================================
 RCS file: /home/pcvs/ports/net/GeoIP/Makefile,v
 retrieving revision 1.53
 diff -u -r1.53 Makefile
 --- Makefile	22 Feb 2012 20:23:26 -0000	1.53
 +++ Makefile	4 Jul 2012 01:15:56 -0000
 @@ -22,11 +22,13 @@
  
  MAN1=		geoiplookup.1 geoipupdate.1 geoiplookup6.1
  
 +SUB_FILES=	geoipupdate.sh
 +
  run-autotools:
  	@${REINPLACE_CMD} -e '/^LIBTOOL=/s^\$$(top_builddir)/libtool^${LIBTOOL}^g' \
  	${WRKSRC}/aclocal.m4
  
  post-install:
 -	${INSTALL_SCRIPT} ${FILESDIR}/geoipupdate.sh ${PREFIX}/bin/
 +	${INSTALL_SCRIPT} ${WRKDIR}/geoipupdate.sh ${PREFIX}/bin/
  
  .include <bsd.port.mk>
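Review bot: this hunk changes the contents of the installed bin/geoipupdate.sh (it now comes from ${WRKDIR} via SUB_FILES) but does not bump PORTREVISION, so already-built packages would not pick up the fixed script; add a PORTREVISION bump next to the new `SUB_FILES=	geoipupdate.sh` line in the same commit.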
 Index: files/geoipupdate.sh
 ===================================================================
 RCS file: files/geoipupdate.sh
 diff -N files/geoipupdate.sh
 --- files/geoipupdate.sh	22 Feb 2012 20:23:27 -0000	1.3
 +++ /dev/null	1 Jan 1970 00:00:00 -0000
 @@ -1,5 +0,0 @@
 -#!/bin/sh
 -cd /tmp
 -fetch http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
 -gunzip GeoIP.dat.gz
 -mv -f GeoIP.dat /usr/local/share/GeoIP
 Index: files/geoipupdate.sh.in
 ===================================================================
 RCS file: files/geoipupdate.sh.in
 diff -N files/geoipupdate.sh.in
 --- /dev/null	1 Jan 1970 00:00:00 -0000
 +++ files/geoipupdate.sh.in	4 Jul 2012 01:15:56 -0000
 @@ -0,0 +1,2 @@
 +#!/bin/sh
 +fetch -o - http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz | gunzip > %%DATADIR%%/GeoIP.dat
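Review bot: the redirection `> %%DATADIR%%/GeoIP.dat` truncates the live database before fetch has delivered a single byte, and the pipeline's exit status is gunzip's, not fetch's, so a failed or partial download (connection error, or an HTML error page served with HTTP 200) leaves a zero-length or corrupt GeoIP.dat and gives cron no non-zero status to report. Suggest decompressing into a temporary file in the same directory and renaming only on success, e.g. `... | gunzip > %%DATADIR%%/GeoIP.dat.new && mv -f %%DATADIR%%/GeoIP.dat.new %%DATADIR%%/GeoIP.dat`, and checking fetch's own exit status separately, since POSIX sh has no PIPESTATUS.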

From: Anatoly Pugachev <matorola@gmail.com>
To: Michael Scheidell <scheidell@freebsd.org>
Cc: bug-followup@freebsd.org
Subject: Re: ports/145425: insecure file handling in net/GeoIP
Date: Wed, 4 Jul 2012 10:42:16 +0400

 Michael,
 
 On Wed, Jul 4, 2012 at 5:18 AM, Michael Scheidell <scheidell@freebsd.org> wrote:
 > Anatoly:  Sorry this got lost in the shuffle, how do you feel about my solution?
 > uses no tmp files, just pipes.
 > honors make.conf env variable DATADIR anyway.
 > (note, this patch is against version 1.4.8, which was updated since your pr of 2 years ago)
 
 I'm OK with your proposed fix, but it would be nice to also have a
 check for the return code of fetch, so we do not accidentally overwrite a
 good/consistent GeoIP.dat.
 
 Thanks!
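Putting together the two concerns raised in this PR (the symlink race on a fixed /tmp path in the original report, and the missing fetch return-code check in the reply above), here is an added example of a hardened updater; it is not the port's own geoipupdate.sh. FETCH_CMD is a hypothetical hook that defaults to FreeBSD's fetch(1) writing to stdout and can be overridden to exercise the logic offline.

```shell
#!/bin/sh
# Hardened GeoIP.dat updater: an added example, not the port's own geoipupdate.sh.
# It combines the ideas from the thread: no predictable /tmp path (mktemp in the
# destination directory), a check of fetch's exit status so a failed download never
# clobbers a good database, and an atomic rename so readers never see a partial file.
# FETCH_CMD is a hypothetical hook: by default it is FreeBSD's fetch(1) writing to
# stdout, and it can be overridden to test the logic offline without any network.
: "${FETCH_CMD:=fetch -o -}"
: "${URL:=http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz}"
: "${DATADIR:=/usr/local/share/GeoIP}"

# Returns 0 after replacing $DATADIR/GeoIP.dat; on any failure it returns 1 and
# leaves the existing database and directory untouched (no temp files left behind).
update_geoip() {
    dest="$DATADIR/GeoIP.dat"
    # mktemp(1) creates the files with O_EXCL and mode 0600 under an unpredictable
    # name, so a pre-planted symlink cannot redirect where the download lands.
    gz=$(mktemp "$DATADIR/.GeoIP.gz.XXXXXX") || return 1
    dat=$(mktemp "$DATADIR/.GeoIP.dat.XXXXXX") || { rm -f "$gz"; return 1; }

    # Download to the temp file first, so fetch's exit status can be checked
    # directly instead of being hidden behind gunzip's in a pipeline.
    if ! $FETCH_CMD "$URL" > "$gz"; then
        echo "update_geoip: fetch failed, keeping $dest" >&2
        rm -f "$gz" "$dat"
        return 1
    fi
    # gzip -t rejects a truncated download or a non-gzip body (e.g. an HTML error
    # page served with HTTP 200), and gunzip's own status catches a corrupt stream.
    if ! gzip -t "$gz" 2>/dev/null || ! gunzip -c "$gz" > "$dat"; then
        echo "update_geoip: corrupt download, keeping $dest" >&2
        rm -f "$gz" "$dat"
        return 1
    fi
    rm -f "$gz"
    # geoiplookup runs as ordinary users, so the database must be world-readable.
    chmod 0644 "$dat"
    # rename(2) within one filesystem is atomic: $dest is either the old complete
    # file or the new complete file, never a half-written one.
    mv -f "$dat" "$dest"
}

# Run the update only when invoked as the installed script (e.g. from root's
# crontab); when the file is sourced for testing, only the function is defined.
case "$0" in
    *geoipupdate*) update_geoip ;;
esac
```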

From: Michael Scheidell <scheidell@FreeBSD.org>
To: <bug-followup@FreeBSD.org>
Cc:  
Subject: Fwd: Re: ports/145425: insecure file handling in net/GeoIP
Date: Wed, 4 Jul 2012 07:17:32 -0400

 Didn't make it to bug-followup, so forwarding it
 
 -------- Original Message --------
 Subject: 	Re: ports/145425: insecure file handling in net/GeoIP
 Date: 	Wed, 4 Jul 2012 06:54:13 +0200
 From: 	Dennis Herrmann <dhn@FreeBSD.org>
 To: 	<scheidell@FreeBSD.org>
 
 
 
 scheidell@FreeBSD.org writes:
 >  Synopsis: insecure file handling in net/GeoIP
 >
 >  State-Changed-From-To: open->feedback
 >  State-Changed-By: scheidell
 >  State-Changed-When: Wed Jul 4 01:19:05 UTC 2012
 >  State-Changed-Why:
 >  Ask for maintainer approval.
 >
 >  http://www.freebsd.org/cgi/query-pr.cgi?pr=145425
 >
 
 Yeah looks good ;) approve!
 
 -dhn
 
State-Changed-From-To: feedback->closed 
State-Changed-By: scheidell 
State-Changed-When: Wed Jul 4 11:23:03 UTC 2012 
State-Changed-Why:  
Committed. Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=145425 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/145425: commit references a PR
Date: Wed,  4 Jul 2012 11:23:03 +0000 (UTC)

 scheidell    2012-07-04 11:22:49 UTC
 
   FreeBSD ports repository
 
   Modified files:
     net/GeoIP            Makefile 
   Added files:
     net/GeoIP/files      geoipupdate.sh.in 
   Removed files:
     net/GeoIP/files      geoipupdate.sh 
   Log:
   - Fix insecure handling of GeoIP download file
   - Bump PORTREVISION since we change package
   
   PR:             ports/145425
   Submitted by:   anatoly pugachev <matorola@gmail.com>
   Approved by:    dhn@ (maintainer)
   
   Revision  Changes    Path
   1.54      +4 -2      ports/net/GeoIP/Makefile
   1.4       +0 -5      ports/net/GeoIP/files/geoipupdate.sh (dead)
   1.1       +2 -0      ports/net/GeoIP/files/geoipupdate.sh.in (new)
 
>Unformatted:
