From 3477834ce69a74cb84d6efccd22716475cc506f3 Mon Sep 17 00:00:00 2001
From: Paul Eggert
Date: Tue, 5 Dec 2006 07:45:00 +0000
Subject: [PATCH] * NEWS: Describe the following change briefly. * bootstrap.conf (gnulib_modules): Remove stat-macros; no longer needed. * gzip.c: Don't include stat-macros.h; no longer needed. (treat_file): Refuse to compress files that are setuid, or setgid, as this can in theory lead to security holes. Also, refuse to compress files with the sticky bit set, on general principle. (copy_stat): Don't copy the setuid, setgid, or sticky bits, as (given the above change) they'll always be zero here. Invoke chmod before chown, to close a race condition.
---
 ChangeLog | 11 +++++++++++
 NEWS | 4 ++++
 bootstrap.conf | 1 -
 gzip.c | 42 +++++++++++++++++++++++++++++++++---------
 4 files changed, 48 insertions(+), 10 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 8b43fa9..cde2dc5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,16 @@
 2006-12-04 Paul Eggert
 
+ * NEWS: Describe the following change briefly.
+ * bootstrap.conf (gnulib_modules): Remove stat-macros; no longer
+ needed.
+ * gzip.c: Don't include stat-macros.h; no longer needed.
+ (treat_file): Refuse to compress files that are setuid, or setgid,
+ as this can in theory lead to security holes. Also, refuse to
+ compress files with the sticky bit set, on general principle.
+ (copy_stat): Don't copy the setuid, setgid, or sticky bits,
+ as (given the above change) they'll always be zero here.
+ Invoke chmod before chown, to close a race condition.
+
 * .cvsignore: Add *.doc, build-aux.
 * doc/.cvignore: New file.
 * lib/.cvsignore: New file.
diff --git a/NEWS b/NEWS
index 0e2c01f..a899a11 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,9 @@
 Major changes in Gzip 1.3.7 (not yet released)
 
+* Fix some gzip problems:
+ - Refuse to compress setuid or setgid files, or files with the sticky bit.
+ - Fix more race conditions in setting file permissions and owner.
+ - Fix a core dump caused by a stray abort mistakenly introduced in 1.3.6.
 * Fix some gzexe problems:
 - Improve resistance to denial-of-service attacks.
 - Fix some quoting and escaping bugs.
diff --git a/bootstrap.conf b/bootstrap.conf
index 17eff24..45ceb0b 100644
--- a/bootstrap.conf
+++ b/bootstrap.conf
@@ -28,7 +28,6 @@ gnulib_modules='
 fcntl-safer
 fdl
 getopt
- stat-macros
 stat-time
 sys_stat
 utimens
diff --git a/gzip.c b/gzip.c
index a9016a2..f732278 100644
--- a/gzip.c
+++ b/gzip.c
@@ -72,7 +72,6 @@ static char rcsid[] = "$Id$";
 #include "fcntl-safer.h"
 #include "getopt.h"
 #include "openat.h"
-#include "stat-macros.h"
 #include "stat-time.h"
 
 /* configuration */
@@ -716,6 +715,29 @@ local void treat_file(iname)
 close (ifd);
 return;
 }
+
+ if (istat.st_mode & S_ISUID)
+ {
+ WARN ((stderr, "%s: %s is set-user-ID on execution - ignored\n",
+ program_name, ifname));
+ close (ifd);
+ return;
+ }
+ if (istat.st_mode & S_ISGID)
+ {
+ WARN ((stderr, "%s: %s is set-group-ID on execution - ignored\n",
+ program_name, ifname));
+ close (ifd);
+ return;
+ }
+ if (istat.st_mode & S_ISVTX)
+ {
+ WARN ((stderr, "%s: %s has the sticky bit set - file ignored\n",
+ program_name, ifname));
+ close (ifd);
+ return;
+ }
+
 if (istat.st_nlink > 1 && !to_stdout && !force) {
 WARN((stderr, "%s: %s has %lu other link%c -- unchanged\n",
 program_name, ifname, (unsigned long) istat.st_nlink - 1,
@@ -1669,7 +1691,7 @@ local int check_ofname()
 local void copy_stat(ifstat)
 struct stat *ifstat;
 {
- mode_t mode = ifstat->st_mode & CHMOD_MODE_BITS;
+ mode_t mode = ifstat->st_mode & S_IRWXUGO;
 int r;
 
 #ifndef NO_UTIME
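Review bot: The three new mode checks in the treat_file hunk run unconditionally, whereas the link-count test directly below them is skipped when `to_stdout` is set; with output going to stdout no file is created that could inherit mode bits, so the refusal there looks stricter than the stated goal requires. If that is not intended, gate them the same way, e.g. `if (!to_stdout && (istat.st_mode & S_ISUID))`, or add a comment saying the refusal is deliberate in every mode. The wording also differs between the messages (`- ignored` for the set-ID cases, `- file ignored` for the sticky bit); one form would be easier to match in logs. treat_file starts and ends outside the hunk, so an enclosing condition that already covers this would not be visible here.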
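Review bot: The new mask on the `mode_t mode` declaration in copy_stat carries no comment explaining why the set-ID and sticky bits are dropped, although the safety of the ownership and permission copy further down depends on it. A one-line comment above the declaration would record that, e.g. `/* Permission bits only: never carry set-user-ID, set-group-ID or sticky onto the output. */`. `S_IRWXUGO` is not a POSIX macro and the same commit removes the stat-macros.h include, so it presumably now comes from the gnulib sys_stat replacement; that is worth confirming on a platform whose own <sys/stat.h> lacks it. The body of copy_stat continues past this hunk.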
@@ -1698,6 +1720,15 @@ local void copy_stat(ifstat)
 }
 }
 #endif
+
+#ifndef NO_CHOWN
+# if HAVE_FCHOWN
+ fchown (ofd, ifstat->st_uid, ifstat->st_gid); /* Copy ownership */
+# else
+ chown(ofname, ifstat->st_uid, ifstat->st_gid); /* Copy ownership */
+# endif
+#endif
+
 /* Copy the protection modes */
 #if HAVE_FCHMOD
 r = fchmod (ofd, mode);
@@ -1712,13 +1743,6 @@ local void copy_stat(ifstat)
 perror(ofname);
 }
 }
-#ifndef NO_CHOWN
-# if HAVE_FCHOWN
- fchown (ofd, ifstat->st_uid, ifstat->st_gid); /* Copy ownership */
-# else
- chown(ofname, ifstat->st_uid, ifstat->st_gid); /* Copy ownership */
-# endif
-#endif
 }
 
 #if ! NO_DIR
-- 
2.47.2
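Review bot: The `fchown`/`chown` call moved ahead of the chmod in copy_stat still discards its result, so the `fchmod` that follows applies the input's group bits even when the group was not copied. For an unprivileged caller the ownership change will usually fail, leaving the output in the caller's group but with the input's group permissions, which may let a group read data it could not read in the original. Keep the result and drop the group bits on failure, e.g. `if (fchown (ofd, ifstat->st_uid, ifstat->st_gid) != 0) mode &= ~S_IRWXG;`, with the same treatment in the `chown` branch. The new order, chown then chmod, is the opposite of the ChangeLog text "Invoke chmod before chown"; the code order looks like the intended one, so the entry's wording should be checked. copy_stat begins before this hunk, and the chmod error handling lies between this hunk and the next.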