Author: mvidner Date: Tue Nov 8 16:16:22 2011 New Revision: 66761 URL: http://svn.opensuse.org/viewcvs/yast?rev=66761&view=rev Log: Added Write(.section_private.FILE_SECTION, BOOL) (bnc#713661, CVE-2011-3177) Modified: branches/SuSE-Code-11-SP2-Branch/core/agent-ini/doc/ag_ini.html branches/SuSE-Code-11-SP2-Branch/core/agent-ini/src/IniAgent.cc branches/SuSE-Code-11-SP2-Branch/core/agent-ini/src/IniFile.cc branches/SuSE-Code-11-SP2-Branch/core/agent-ini/src/IniFile.h branches/SuSE-Code-11-SP2-Branch/core/agent-ini/src/IniParser.cc Modified: branches/SuSE-Code-11-SP2-Branch/core/agent-ini/doc/ag_ini.html URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/core/agent-ini/doc/ag_ini.html?rev=66761&r1=66760&r2=66761&view=diff ============================================================================== --- branches/SuSE-Code-11-SP2-Branch/core/agent-ini/doc/ag_ini.html (original) +++ branches/SuSE-Code-11-SP2-Branch/core/agent-ini/doc/ag_ini.html Tue Nov 8 16:16:22 2011 @@ -533,6 +533,13 @@ section was read by.</td> </tr> +<tr> +<td> +<tt>.ini.section_private.<i>sectionname</i></tt></td> +<td>a boolean write-only property for sections corresponding to files. +If true, the file will not be readable by group and others.</td> +</tr> + <tr class="notimpl"> <td> <tt>.ini.section_file.<i>sectionname</i>.<i>sectionname</i></tt></td> Modified: branches/SuSE-Code-11-SP2-Branch/core/agent-ini/src/IniAgent.cc URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/core/agent-ini/src/IniAgent.cc?rev=66761&r1=66760&r2=66761&view=diff ============================================================================== --- branches/SuSE-Code-11-SP2-Branch/core/agent-ini/src/IniAgent.cc (original) +++ branches/SuSE-Code-11-SP2-Branch/core/agent-ini/src/IniAgent.cc Tue Nov 8 16:16:22 2011 
@@ -98,7 +98,7 @@ else { if (( parser.repeatNames () && value->isList ()) || - (!parser.repeatNames () && (value->isString () || value->isInteger())) || + (!parser.repeatNames () && (value->isString () || value->isBoolean() || value->isInteger())) || path->component_str(0) == "all" ) { Modified: branches/SuSE-Code-11-SP2-Branch/core/agent-ini/src/IniFile.cc URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/core/agent-ini/src/IniFile.cc?rev=66761&r1=66760&r2=66761&view=diff ============================================================================== --- branches/SuSE-Code-11-SP2-Branch/core/agent-ini/src/IniFile.cc (original) +++ branches/SuSE-Code-11-SP2-Branch/core/agent-ini/src/IniFile.cc Tue Nov 8 16:16:22 2011 @@ -75,6 +75,19 @@ return YCPNull (); } +/** + * Return the YCPBoolean or YCPNull if it is not one. Log an error. + */ +static +YCPBoolean as_boolean (const YCPValue& v, const char * context) +{ + if (v->isBoolean ()) + return v->asBoolean (); + ycp2error ("Expected a boolean for %s, got %s %s", + context, v->valuetype_str(), v->toString().c_str()); + return YCPNull (); +} + void IniSection::initValue (const string&key,const string&val,const string&comment,int rb) { string k = ip->changeCase (key); @@ -486,6 +499,9 @@ return setSectionProp (p, v, 0, 1); if (s == "st" || s == "section_type" || s == "sectiontype") return setSectionProp (p, v, rewrite? 1:2, 1); + if (s == "section_private") + return setSectionProp (p, v, 3, 1); + return -1; } 
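Review bot: The widened check on the `!parser.repeatNames ()` branch now admits a boolean on every scalar Write path, not only `.section_private`, and nothing at this level records why a boolean became acceptable. A one-line comment on the changed condition would help the next reader, e.g. `// isBoolean: only .section_private.<section> takes a boolean (bnc#713661)`. Rejecting a boolean for the other properties is presumably left to the per-property setters in IniFile.cc (the `as_integer`/`as_boolean` checks there log and return YCPNull). The enclosing function starts and ends outside the hunk.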
@@ -591,12 +607,18 @@ return -1; s.setRewriteBy (i->value()); } - else { + else if (what == 2) { YCPInteger i = as_integer (prop, "section_type"); if (i.isNull()) return -1; s.setReadBy (i->value()); } + else if (what == 3) { + YCPBoolean b = as_boolean (prop, "section_private"); + if (b.isNull()) + return -1; + s.setPrivate (b->value()); + } if (xi != xe) { Modified: branches/SuSE-Code-11-SP2-Branch/core/agent-ini/src/IniFile.h URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/core/agent-ini/src/IniFile.h?rev=66761&r1=66760&r2=66761&view=diff ============================================================================== --- branches/SuSE-Code-11-SP2-Branch/core/agent-ini/src/IniFile.h (original) +++ branches/SuSE-Code-11-SP2-Branch/core/agent-ini/src/IniFile.h Tue Nov 8 16:16:22 2011 @@ -241,6 +241,13 @@ */ string end_comment; + /** + * It is effective only when the section corresponds to a file. + * The file will not be readable by group and others. + * bnc#713661 + */ + bool is_private; + /** index to IniParser::rewrites for filename - section name mapping * It appears that read_by was used for both purposes, * causing bug (#19066). @@ -435,7 +442,7 @@ IniSection (const IniParser *p) : IniBase (-1), ip (p), - end_comment (), rewrite_by(-1), + end_comment (), is_private(false), rewrite_by(-1), container (), ivalues (), isections () {} @@ -446,7 +453,7 @@ IniSection (const IniSection &s) : IniBase (s), ip (s.ip), - end_comment (s.end_comment), rewrite_by (s.rewrite_by), + end_comment (s.end_comment), is_private(s.is_private), rewrite_by (s.rewrite_by), container (s.container) { reindex (); } @@ -458,7 +465,9 @@ } IniBase::operator = (s); ip = s.ip; - end_comment = s.end_comment; rewrite_by = s.rewrite_by; + end_comment = s.end_comment; + is_private = s.is_private; + rewrite_by = s.rewrite_by; container = s.container; reindex (); 
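Review bot: Turning the final `else` into `else if (what == 2)` drops the catch-all, so an unexpected `what` value now applies nothing and continues into the `if (xi != xe)` handling as though the property had been set. A closing `else { ycp2error ("setSectionProp: unknown property kind %d", what); return -1; }` would keep the previous fail-closed shape. The callers in this commit pass the literals 0–3, so this is defensive rather than a live bug; an `enum` for the `what` codes would make the dispatch self-documenting. The enclosing function starts and ends outside the hunk.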
@@ -474,7 +483,7 @@ IniSection (const IniParser *p, string n) : IniBase (n), ip (p), - end_comment (), rewrite_by(0), + end_comment (), is_private(false), rewrite_by(0), container(), ivalues (), isections () {} /** @@ -511,6 +520,9 @@ */ int getSubSectionRewriteBy (const char*name); + void setPrivate(bool p) { is_private = p; } + bool isPrivate() const { return is_private; } + /** * If there is no comment at the beginning and no values and no * sections, it is better to set is as comment at the beginning. Modified: branches/SuSE-Code-11-SP2-Branch/core/agent-ini/src/IniParser.cc URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/core/agent-ini/src/IniParser.cc?rev=66761&r1=66760&r2=66761&view=diff ============================================================================== --- branches/SuSE-Code-11-SP2-Branch/core/agent-ini/src/IniParser.cc (original) +++ branches/SuSE-Code-11-SP2-Branch/core/agent-ini/src/IniParser.cc Tue Nov 8 16:16:22 2011 @@ -997,6 +997,12 @@ // ensure that the directories exist Pathname pn(filename); PathInfo::assert_dir (pn.dirname ()); + + mode_t file_umask = section.isPrivate()? 0077: 0022; + mode_t orig_umask = umask(file_umask); + // rewriting an existing file wouldnt change its mode + unlink(filename.c_str()); + ofstream of(filename.c_str()); if (!of.good()) { y2error ("Can not open file %s for write", filename.c_str()); @@ -1006,6 +1012,7 @@ write_helper (section, of, 0); of.close(); + umask(orig_umask); return 0; } -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org
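Review bot: The umask is process-wide and the `@@ -1006` hunk restores it only on the `return 0` path; if the `!of.good()` branch returns early, as it appears to, every file the agent creates afterwards inherits the 0077/0022 mask. Since the mask only matters while the `ofstream` is created, restore it right after construction — `ofstream of(filename.c_str()); umask(orig_umask);` — and drop the restore at the end (or wrap it in a small RAII guard). Forcing 0022 for non-private sections also loosens the mask if the process was started with a stricter one; only touching it for private sections, e.g. `mode_t orig_umask = umask(0077); if (!section.isPrivate()) umask(orig_umask);`, keeps the inherited default. The `unlink` followed by a fresh create is not atomic and leaves no file behind if the write fails; writing to a temporary in the same directory with the intended mode and `rename()`-ing over the original would give the new mode without that window. The enclosing function starts and ends outside the hunk.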