prophecy_at_prophecy.net.nz
Date: Fri Sep 13 2002 - 17:20:03 CDT
Thanks to Peter Watkins for the suggested fix.
Also, TolisGroup have responded with confirmation of an update for the first reported race
condition (http://online.securityfocus.com/bid/3970), and an ETA on a new update for this one just discovered.
Cheers,
prophecy
prophecy.net.nz
On Fri, 13 Sep 2002, support_at_tolisgroup.com wrote:
> The /tmp file exploit in the previous setlicense was fixed the day after
> it was mentioned and posted. All new versions of the setlicense program (since
> BRU 17.0.0.0.5) no longer require any /tmp file access.
>
> As for this one, we are working on a new release of XBRU that will
> resolve it. ETA Late September.
>
> Tim Jones
>
On Fri, 13 Sep 2002, Peter Watkins wrote:
> Isn't xbru still a Tcl script? It should not be too hard to locate
> references to /tmp/ and fix the problem. I've got an older copy of
> BRU on my system & it has a similar problem, but not exactly the same.
> Anyhow, a general fix would be 1) putting the following code at the
> beginning of the Tcl script that xbru uses (on my system, that's xbru.tcl)
> and 2) replacing each instance of the string "/tmp" (without quotations)
> with the string "[brufixGetTmpdir]" (without quotations). As a variant of
> step 1), you could save this as /usr/local/lib/brufix-tmpdir.tcl or
> something and modify xbru to add
> source /usr/local/lib/brufix-tmpdir.tcl
> near the beginning of the script, to make the changes cleaner.
>
> -Peter
>
>
> # brufix-tmpdir.tcl
> # Tcl code to make a safe temporary directory for BRU Tcl/Tk scripts
> # Peter Watkins, 2002 - sample code, no guarantees
> #
> proc brufixSetTmpdir {} {
>     # make the safe temp dir & store its name in a global var
>     # or exit if errors; respect $TMPDIR if set
>     global env
>     global tcl_platform
>     global brufixTmpdir
>     set brufixBaseTmpdir {/tmp}
>     catch {set brufixBaseTmpdir $env(TMPDIR)}
>     if {([file isdirectory $brufixBaseTmpdir] == 0) || ([file exists $brufixBaseTmpdir] == 0)} {
>         puts stderr "temporary directory $brufixBaseTmpdir does not exist!"
>         exit 1
>     }
>     set brufixTmpdir "$brufixBaseTmpdir/bru-[clock clicks]"
>     # [file mkdir] succeeds silently on an existing directory, so refuse a
>     # name that is already present instead of adopting someone else's dir
>     if {[file exists $brufixTmpdir]} {
>         puts stderr "temporary directory $brufixTmpdir already exists!"
>         exit 1
>     }
>     if {[catch {file mkdir $brufixTmpdir}] != 0} {
>         puts stderr "error creating temporary directory $brufixTmpdir !"
>         exit 1
>     }
>     # the exists/mkdir pair still leaves a window, so confirm the result is
>     # a real directory (not a symlink) owned by the user we run as
>     if {([string compare [file type $brufixTmpdir] directory] != 0) ||
>         ([string compare [file attributes $brufixTmpdir -owner] $tcl_platform(user)] != 0)} {
>         puts stderr "temporary directory $brufixTmpdir is not a directory we own!"
>         exit 1
>     }
>     if {[catch {exec /bin/chmod 0700 $brufixTmpdir}] != 0} {
>         puts stderr "error setting perms on temporary directory $brufixTmpdir !"
>         exit 1
>     }
> }
> proc brufixGetTmpdir {} {
>     # return the safe temp directory name
>     global brufixTmpdir
>     if {([info exists brufixTmpdir] == 0) || ([string length $brufixTmpdir] == 0)} {
>         puts stderr "need to call brufixSetTmpdir before brufixGetTmpdir!"
>         exit 2
>     }
>     if {([file isdirectory $brufixTmpdir] == 0) || ([file exists $brufixTmpdir] == 0)} {
>         puts stderr "BRU temporary directory $brufixTmpdir does not exist!"
>         exit 3
>     }
>     return $brufixTmpdir
> }
> # early in the execution: make sure we have a good directory
> # this should only be called once!
> brufixSetTmpdir
>
> On Fri, Sep 13, 2002 at 12:08:16PM +1200, prophecy_at_prophecy.net.nz wrote:
>
> > Problem:
>
> > Fix:
> > - No response from vendor: (support_at_tolisgroup.com)
>
> > Strace Snippet:
> >
> > [pid 32159] execve("/bin/dd", ["dd", "if=/dev/nst0",
> > "of=/tmp/xbru_dscheck.dd", "bs=32k", "count=1"], [/* 38 vars */]) = 0
> > [pid 32159] open("/tmp/xbru_dscheck.dd",
> > O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) = 1
>
>
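The strace excerpt quoted above shows the pattern behind the race: a fixed name under /tmp is opened with O_CREAT|O_TRUNC and without O_EXCL, so anything an unprivileged user planted at that name beforehand gets followed and clobbered. The Python below is an added example, not part of the original post or of BRU, that scans strace output for exactly that pattern; the sample trace it runs on is constructed after the snippet in the post (its second line is the xbru open, the other two opens are safe controls).

```python
import re
from typing import List, NamedTuple, Optional

# Directories any local user can write to; a fixed file name created here by
# a privileged process is the classic symlink / pre-creation race target.
SHARED_TMP_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")

# Matches open()/openat() as printed by strace, with an optional mode argument.
OPEN_RE = re.compile(
    r'open(?:at)?\((?:AT_FDCWD,\s*)?"(?P<path>[^"]+)",\s*'
    r'(?P<flags>[A-Z_|]+)(?:,\s*(?P<mode>0[0-7]*))?\)\s*=\s*(?P<ret>-?\d+)'
)

class Finding(NamedTuple):
    path: str
    flags: str
    problems: List[str]

def audit_open(line: str) -> Optional[Finding]:
    """Return a Finding for one strace line, or None if it is not a risky create."""
    m = OPEN_RE.search(line)
    if not m or not m.group("path").startswith(SHARED_TMP_DIRS):
        return None
    flags = set(m.group("flags").split("|"))
    if "O_CREAT" not in flags:
        return None  # not creating a file; out of scope for this check
    problems = []
    if "O_EXCL" not in flags:
        problems.append("O_CREAT without O_EXCL: a pre-planted file or symlink is followed")
        if "O_TRUNC" in flags:
            problems.append("O_TRUNC: whatever the name already points at is clobbered")
    mode = m.group("mode")
    if mode is not None and int(mode, 8) & 0o022:
        problems.append(f"mode {mode} grants group/other write (subject to umask)")
    return Finding(m.group("path"), m.group("flags"), problems) if problems else None

def audit_trace(text: str) -> List[Finding]:
    """Run audit_open over every line of an strace capture."""
    return [f for f in map(audit_open, text.splitlines()) if f is not None]

# Constructed strace excerpt modelled on the xbru snippet in the post: line 2 is
# the unsafe create reported there; lines 3 and 4 are safe controls (constructed).
SAMPLE_STRACE = """\
[pid 32159] execve("/bin/dd", ["dd", "if=/dev/nst0", "of=/tmp/xbru_dscheck.dd", "bs=32k", "count=1"], [/* 38 vars */]) = 0
[pid 32159] open("/tmp/xbru_dscheck.dd", O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) = 1
[pid 32160] open("/tmp/bru-17734/state", O_WRONLY|O_CREAT|O_EXCL, 0600) = 4
[pid 32160] open("/etc/bru.conf", O_RDONLY) = 5
"""
```

Feed it `strace -f -e trace=open,openat` output from a setuid or root-run tool and each Finding names the file and the flag combination to fix; the one-line `-o` capture from the post would report only the dd output file.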