[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Patch]Fix the bug of comparing the file's mode in dispatch_parser() and check_exe_name()



Hi Mr. Grubby,

  When I set "dispatcher = /mydir/audispd" in /etc/audit/auditd.conf and make
the mode of /mydir/audispd to 0755, auditd can be started successfully. But I
found in the codes that such file like "/mydir/audispd" is hoped as 0750. 
There
is a little error in comparing the file's mode, "S_IRWXO" should be used not 
just
"S_IWOTH", otherwise the file is allowed to be readable or executable by
others.

  There is the same bug in check_exe_name(). This bug will allow the script of
"exec /path-to-script" to be readable or executable by others.

  Here is my patch for audit-1.7.4. Hope for your opinion about such 
modification.

Signed-off-by: Chu Li<chul cn fujitsu com>
---
diff --git a/src/auditd-config.c b/src/auditd-config.c
index a7a939e..fc2fd48 100644
--- a/src/auditd-config.c
+++ b/src/auditd-config.c
@@ -629,7 +629,7 @@ static int dispatch_parser(struct nv_pair *nv, int line,
 		audit_msg(LOG_ERR, "%s is not owned by root", nv->value);
 		return 1;
 	}
-	if ((buf.st_mode & (S_IRWXU|S_IRWXG|S_IWOTH)) !=
+	if ((buf.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) !=
 			   (S_IRWXU|S_IRGRP|S_IXGRP)) {
 		audit_msg(LOG_ERR, "%s permissions should be 0750", nv->value);
 		return 1;
@@ -869,7 +869,7 @@ static int check_exe_name(const char *val)
 		audit_msg(LOG_ERR, "%s is not owned by root", val);
 		return -1;
 	}
-	if ((buf.st_mode & (S_IRWXU|S_IRWXG|S_IWOTH)) !=
+	if ((buf.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) !=
 			   (S_IRWXU|S_IRGRP|S_IXGRP)) {
 		audit_msg(LOG_ERR, "%s permissions should be 0750", val);
 		return -1;

Regards
Chu Li





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]