2012-03-01 Koichiro Kikuchi <koichiro@rworks.jp>

* pandora_agent: Added symlink checks for temporary files before writing
	 them to avoid symlink attacks.



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@5679 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
koichirok 2012-03-01 10:38:10 +00:00
parent e7d6df7c5d
commit f5b84eabaa
2 changed files with 14 additions and 2 deletions


@ -1,3 +1,8 @@
2012-03-01 Koichiro Kikuchi <koichiro@rworks.jp>
* pandora_agent: Added symlink checks for temporary files before writing
them to avoid symlink attacks.
2012-02-29 Ramon Novoa <rnovoa@artica.es>
* Linux/pandora_agent.conf: Added a warning text. Thanks to Koichiro.


@ -694,8 +694,8 @@ sub send_buffered_xml_files () {
opendir(TEMPORAL, $Conf{'temporal'}) or return;
while (my $xml_file = readdir(TEMPORAL)) {
# Skip non data files
next unless ($xml_file =~ m/\.data$/);
# Skip symlink and non data files
next if (-l $xml_file || $xml_file !~ m/\.data$/);
send_file ($xml_file, 1);
}
@ -763,6 +763,11 @@ sub check_remote_config () {
my $conf_md5 = md5 (join ('', <CONF_FILE>));
close (CONF_FILE);
# Remove temporary files if they exist as symlink to avoid symlink attack
for my $file (qw("$Conf{'temporal'}/$RemoteMD5File" "$Conf{'temporal'}/$RemoteConfFile")) {
error ("File '$file' already exists as a symlink and could not be removed: $!") if (-l $file && ! unlink($file));
}
# Get the remote MD5 file
if (recv_file ($RemoteMD5File) != 0) {
open (MD5_FILE, "> $Conf{'temporal'}/$RemoteMD5File") || error ("Could not open file '$ConfDir/$RemoteMD5File' for writing: $!.");
@ -862,6 +867,7 @@ sub check_collections () {
}
# Get remote md5
error ("File '$Conf{'temporal'}/$collection_md5_file' already exists as a symlink and could not be removed: $!.") if (-l "$Conf{'temporal'}/$collection_md5_file" && !unlink("$Conf{'temporal'}/$collection_md5_file"));
next unless (recv_file ($collection_md5_file) == 0);
open (MD5_FILE, "< $Conf{'temporal'}/$collection_md5_file") || error ("Could not open file '$Conf{'temporal'}/$collection_md5_file' for reading: $!.");
my $remote_collection_md5 = <MD5_FILE>;
@ -1926,6 +1932,7 @@ while (1) {
# Save XML data file
my $temp_file = $Conf{'temporal'} . '/' . $Conf{'agent_name'} . '.' . time () . '.data';
error ("File '$temp_file' already exists as a symlink and could not be removed: $!") if (-l $temp_file && !unlink($temp_file));
open (TEMP_FILE, "> $temp_file") || error ("Could not write XML data file: $!");
print TEMP_FILE $Xml;
close (TEMP_FILE);
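Review bot: The `qw(...)` list on the `for my $file` line in the check_remote_config hunk does not interpolate, so `$file` is the literal text `"$Conf{'temporal'}/$RemoteMD5File"` (quote characters included) and `-l $file` never inspects the real temporary file; this new check is dead code. Replace it with an ordinary list: `for my $file ("$Conf{'temporal'}/$RemoteMD5File", "$Conf{'temporal'}/$RemoteConfFile") {`. The related check in send_buffered_xml_files tests `-l $xml_file` on the bare name returned by readdir() rather than `"$Conf{'temporal'}/$xml_file"`, so it only works if the current directory happens to be the temporal directory. Even with correct paths, the `-l` / `unlink` / 2-arg `open (">...")` sequence leaves a window in which anyone who can write to the temporal directory can recreate the symlink, so these checks narrow the race but do not close it; creating the file with `sysopen` and `O_WRONLY|O_CREAT|O_EXCL` (plus `O_NOFOLLOW` where Fcntl provides it), or requiring the temporal directory not to be writable by other users, is the robust fix. All four enclosing functions start or end outside the visible hunks.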