From f5b84eabaa69be3a0b95c75e0ea8103b9bca3b65 Mon Sep 17 00:00:00 2001
From: koichirok
Date: Thu, 1 Mar 2012 10:38:10 +0000
Subject: [PATCH] 2012-03-01 Koichiro Kikuchi

* pandora_agent: Added symlink checks for temporary files before writing them to avoid symlink attacks.

git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@5679 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
---
 pandora_agents/unix/ChangeLog | 5 +++++
 pandora_agents/unix/pandora_agent | 11 +++++++++--
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/pandora_agents/unix/ChangeLog b/pandora_agents/unix/ChangeLog
index 977705911b..96668de3f1 100644
--- a/pandora_agents/unix/ChangeLog
+++ b/pandora_agents/unix/ChangeLog
@@ -1,3 +1,8 @@
+2012-03-01 Koichiro Kikuchi
+
+	* pandora_agent: Added symlink checks for temporary files before writing
+	  them to avoid symlink attacks.
+
 2012-02-29 Ramon Novoa
 
 	* Linux/pandora_agent.conf: Added a warning text. Thanks to Koichiro.
diff --git a/pandora_agents/unix/pandora_agent b/pandora_agents/unix/pandora_agent
index 8aa007b288..0ef84779a0 100755
--- a/pandora_agents/unix/pandora_agent
+++ b/pandora_agents/unix/pandora_agent
@@ -694,8 +694,8 @@ sub send_buffered_xml_files () {
 
 	opendir(TEMPORAL, $Conf{'temporal'}) or return;
 	while (my $xml_file = readdir(TEMPORAL)) {
-		# Skip non data files
-		next unless ($xml_file =~ m/\.data$/);
+		# Skip symlink and non data files
+		next if (-l $xml_file || $xml_file !~ m/\.data$/);
 		send_file ($xml_file, 1);
 	}
 
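Review bot: The new `-l $xml_file` test on the `next if` line is applied to a bare directory entry returned by `readdir`, so it is resolved against the process's current working directory rather than against `$Conf{'temporal'}`; unless the agent happens to run with that directory as its cwd, the symlink half of the condition tests a path that does not exist and never skips anything, while the `\.data$` half keeps working. The other hunks in this commit build the full path before testing it, and this one should do the same: `next if (-l "$Conf{'temporal'}/$xml_file" || $xml_file !~ m/\.data$/);`. Whether `send_file` prefixes the name with `$Conf{'temporal'}` itself is not visible here, but the check must look at the same path that will later be opened. The remainder of send_buffered_xml_files, including its closing of the directory handle, lies outside the hunk.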
@@ -763,6 +763,11 @@ sub check_remote_config () {
 	my $conf_md5 = md5 (join ('', ));
 	close (CONF_FILE);
 
+	# Remove temporary files if they exist as symlink to avoid symlink attack
+	for my $file (qw("$Conf{'temporal'}/$RemoteMD5File" "$Conf{'temporal'}/$RemoteConfFile")) {
+		error ("File '$file' already exists as a symlink and could not be removed: $!") if (-l $file && ! unlink($file));
+	}
+
 	# Get the remote MD5 file
 	if (recv_file ($RemoteMD5File) != 0) {
 		open (MD5_FILE, "> $Conf{'temporal'}/$RemoteMD5File") || error ("Could not open file '$ConfDir/$RemoteMD5File' for writing: $!.");
@@ -862,6 +867,7 @@ sub check_collections () {
 		}
 
 		# Get remote md5
+		error ("File '$Conf{'temporal'}/$collection_md5_file' already exists as a symlink and could not be removed: $!.") if (-l "$Conf{'temporal'}/$collection_md5_file" && !unlink("$Conf{'temporal'}/$collection_md5_file"));
 		next unless (recv_file ($collection_md5_file) == 0);
 		open (MD5_FILE, "< $Conf{'temporal'}/$collection_md5_file") || error ("Could not open file '$Conf{'temporal'}/$collection_md5_file' for reading: $!.");
 		my $remote_collection_md5 = ;
@@ -1926,6 +1932,7 @@ while (1) {
 
 	# Save XML data file
 	my $temp_file = $Conf{'temporal'} . '/' . $Conf{'agent_name'} . '.' . time () . '.data';
+	error ("File '$temp_file' already exists as a symlink and could not be removed: $!") if (-l $temp_file && !unlink($temp_file));
 	open (TEMP_FILE, "> $temp_file") || error ("Could not write XML data file: $!");
 	print TEMP_FILE $Xml;
 	close (TEMP_FILE);
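Review bot: The `qw(...)` list in the new `for my $file` loop does not interpolate, so `$file` is bound to the literal strings `"$Conf{'temporal'}/$RemoteMD5File"` and `"$Conf{'temporal'}/$RemoteConfFile"`, double quotes included; `-l $file` then tests a name that cannot exist, the loop is a no-op, and the `recv_file` and `open` that follow still write through a planted link. An ordinary list fixes it: `for my $file ("$Conf{'temporal'}/$RemoteMD5File", "$Conf{'temporal'}/$RemoteConfFile") {`. The same check-then-unlink line is repeated in the hunks at lines 867 and 1932 with inconsistent messages (`$!.` versus `$!`); a small helper such as `remove_if_symlink($path)` that issues the error would keep the three in step. The context line `md5 (join ('', ))` looks like the rendering dropped a `<CONF_FILE>` readline; that is not part of this change. check_remote_config begins and ends outside the hunk.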
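Review bot: The added line in check_collections spells out `"$Conf{'temporal'}/$collection_md5_file"` three times, and the `open` two lines below builds it a fourth time, which makes this one-line guard hard to read and easy to drift from the path actually opened. Hoisting the path once, `my $md5_path = "$Conf{'temporal'}/$collection_md5_file";`, and using `$md5_path` in the `-l`, the `unlink`, the message and the `open` keeps the check and the use provably on the same name. The surrounding loop in check_collections starts before and continues after the hunk.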
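Review bot: The new symlink check on `$temp_file` leaves a window between the `-l`/`unlink` test and the `open (TEMP_FILE, "> $temp_file")` on the next line, and the name is predictable (`agent_name` plus the current second), so a link placed inside that window is still followed by the write. Creating the file with `sysopen (TEMP_FILE, $temp_file, O_WRONLY|O_CREAT|O_EXCL) || error ("Could not write XML data file: $!");` refuses any pre-existing path, symlink included, in a single call and makes the separate check unnecessary; it needs `use Fcntl qw(O_WRONLY O_CREAT O_EXCL);` alongside the file's other imports, which are outside this view. The same applies to the placeholder file the agent writes itself in the hunk at line 763; files produced by `recv_file` are created elsewhere and are not covered by this. The enclosing `while (1)` loop starts and ends outside the hunk.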