OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Michael Paoli (michael1catyahoo.com)
Date: Wed Aug 22 2001 - 07:55:46 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Adobe Acrobat creates world writable ~/AdobeFnt.lst files

    This problem is present in at least the Linux version:
    ftp://ftp.adobe.com/pub/adobe/acrobatreader/unix/4.x/linux-ar-405.tar.gz

    Even with umask as restrictive as 077, the Adobe binary explicitly
    creates and changes the AdobeFnt.lst file in the HOME directory to be
    world (and group) writable.

    Work-arounds are possible, such as by using wrapper script(s). Note
    that direct patching of the Adobe binary would apparently conflict with
    the Adobe license.

    Vendor notified: on or before 2001-03-02

    references/excerpts:
    ftp://ftp.adobe.com/pub/adobe/acrobatreader/unix/4.x/linux-ar-405.tar.gz
    http://www.google.com/search?q=AdobeFnt.lst+security&btnG=Google+Search
    http://bugs.debian.org/acroread
    ftp://ftp.debian.org/debian/pool/non-free/a/acroread/acroread_4.05-4.diff.gz
    http://www.wiretrip.net/rfp/policy.html

    example work-around wrappers (use at your own risk, standard disclaimers
    apply ...):
    ########################################################################
    if [ ! -e $HOME/AdobeFnt.lst ]; then
      # AcroRead will happily create a world writable AdobeFnt.lst ...
      trap "rm -f $HOME/AdobeFnt.lst" 0
      ln -s /dev/null $HOME/AdobeFnt.lst
    fi
    ########################################################################
    #wrapper stuff to work around world writable ~/AdobeFnt.lst issues

    #directory we'll use, relative to HOME, to work around the problem
    kludgedir=.AdobeFnt.security_kludge_dir

    #check HOME isn't null
    [ X"$HOME" != X ] || {
            1>&2 echo "$0: HOME is unset or null - aborting"
            exit 1
    }

    #if pathname for our kludge directory exists
    if >>/dev/null 2>&1 ls -d "$HOME/$kludgedir"
    then
            #check that it's properly secured
            2>>/dev/null ls -lLd "$HOME/$kludgedir" | >>/dev/null 2>&1 grep '^d....--.--' || {
                    #not properly secured, complain and exit
                    1>&2 echo "$0: found $HOME/$kludgedir but expecting directory with no group or world write or execute permissions - aborting"
                    exit 1
            }
    else
            #"$HOME/$kludgedir" doesn't exist, make it
            (umask 077 && mkdir -p "$HOME/$kludgedir")
            #we should have properly secure "$HOME/$kludgedir" at this point, verify
            2>>/dev/null ls -lLd "$HOME/$kludgedir" | >>/dev/null 2>&1 grep '^d....--.--' || {
                    1>&2 echo "$0: unable to create properly secured $HOME/$kludgedir - aborting"
                    exit 1
            }
    fi

    #does "$HOME"/AdobeFnt.lst exist in any form?
    if >>/dev/null 2>&1 ls -d "$HOME"/AdobeFnt.lst
    then
            #"$HOME"/AdobeFnt.lst may already be set up properly - check
            if [ X"`2>>/dev/null ls -ld "$HOME"/AdobeFnt.lst | sed -ne 's/^l.* -> \(.*\)/\1/p'`" != X"$kludgedir"/AdobeFnt.lst ]
            then
                    #it's not what we were hoping for ... is it ordinary file?
                    if [ ! -L "$HOME"/AdobeFnt.lst -a -f "$HOME"/AdobeFnt.lst ]
                    then
                            rm -f "$HOME"/AdobeFnt.lst
                            #is it gone?
                            [ ! -f "$HOME"/AdobeFnt.lst ] || {
                                    1>&2 echo "$0: failed to remove $HOME/AdobeFnt.lst file - aboring"
                                    exit 1
                            }
                            ln -s "$kludgedir"/AdobeFnt.lst "$HOME"/AdobeFnt.lst
                            #test that "$HOME"/AdobeFnt.lst has been set up properly
                            [ X"`2>>/dev/null ls -ld "$HOME"/AdobeFnt.lst | sed -ne 's/^l.* -> \(.*\)/\1/p'`" = X"$kludgedir"/AdobeFnt.lst ] || {
                                    1>&2 echo "$0: failed to create proper secure $HOME/AdobeFnt.lst - aborting"
                                    exit 1
                            }
                    else
                            1>&2 echo "$0: $HOME/AdobeFnt.lst isn't set up as we need it, please remove it - aborting"
                            exit 1
                    fi
            fi
    else
            ln -s "$kludgedir"/AdobeFnt.lst "$HOME"/AdobeFnt.lst
            #test that "$HOME"/AdobeFnt.lst has been set up properly
            [ X"`2>>/dev/null ls -ld "$HOME"/AdobeFnt.lst | sed -ne 's/^l.* -> \(.*\)/\1/p'`" = X"$kludgedir"/AdobeFnt.lst ] || {
                    1>&2 echo "$0: failed to create proper secure $HOME/AdobeFnt.lst - aborting"
                    exit 1
            }
    fi

    #we're done with the kludgedir shell variable
    unset kludgedir
    ########################################################################

    _________________________________________________________
    Do You Yahoo!?
    Get your free yahoo.com address at http://mail.yahoo.com