aboutsummaryrefslogtreecommitdiff
path: root/sbin
diff options
context:
space:
mode:
authorWarner Losh <imp@FreeBSD.org>1997-01-01 00:03:49 +0000
committerWarner Losh <imp@FreeBSD.org>1997-01-01 00:03:49 +0000
commit335524b9adf829701f9d27d79b1017d7d41b44f1 (patch)
tree7c2d15d9a1fe36ce463488bc1163cdf4515ea3d6 /sbin
parent38bf94079115f44ec1cd7ae9424f18fe4e47abec (diff)
downloadsrc-335524b9adf829701f9d27d79b1017d7d41b44f1.tar.gz
src-335524b9adf829701f9d27d79b1017d7d41b44f1.zip
Various security related deltas from OpenBSD
dirs.c: From OpenBSD 1.2, 1.3, 1.5, 1.8, 1.10, 1.11, 1.12 1.2: use unique temporary files; netbsd pr#2544; lukem@supp.cpr.itg.telecom.com.au 1.3: updated patch from lukem@supp.cpr.itg.telecom.com.au to also make -r and -R work again 1.5: mktemp open & fdopen 1.8: /tmp// -> /tmp/ 1.10: Fix strncpy usage and correct strncat length field, from Theo. Also change some occurrence of MAXPATHLEN with sizeof(foo). 1.11: does noone know how to use strncat correctly? 1.12: use mkstemp() From NetBSD: Use open rather than create so we can specify exclusive open mode. main.c: From OpenBSD 1.2, 1.5 1.2: From NetBSD: support $TAPE. 1.5 Set umask to be read only by owner until we set real file permissions. tape.c: From NetBSD: Use open rather than create so we can specify exclusive open mode.
Notes
Notes: svn path=/head/; revision=21149
Diffstat (limited to 'sbin')
-rw-r--r--sbin/restore/dirs.c50
-rw-r--r--sbin/restore/main.c7
-rw-r--r--sbin/restore/tape.c3
3 files changed, 43 insertions, 17 deletions
diff --git a/sbin/restore/dirs.c b/sbin/restore/dirs.c
index b092eab361fc..a4038eb1f63e 100644
--- a/sbin/restore/dirs.c
+++ b/sbin/restore/dirs.c
@@ -104,9 +104,9 @@ struct rstdirdesc {
static long seekpt;
static FILE *df, *mf;
static RST_DIR *dirp;
-static char dirfile[32] = "#"; /* No file */
-static char modefile[32] = "#"; /* No file */
-static char dot[2] = "."; /* So it can be modified */
+static char dirfile[MAXPATHLEN] = "#"; /* No file */
+static char modefile[MAXPATHLEN] = "#"; /* No file */
+static char dot[2] = "."; /* So it can be modified */
/*
* Format of old style directories.
@@ -142,11 +142,18 @@ extractdirs(genmode)
register struct dinode *ip;
struct inotab *itp;
struct direct nulldir;
+ int fd;
vprintf(stdout, "Extract directories from tape\n");
- (void) sprintf(dirfile, "%s/rstdir%d", _PATH_TMP, dumpdate);
- df = fopen(dirfile, "w");
- if (df == NULL) {
+ (void) sprintf(dirfile, "%srstdir%d", _PATH_TMP, dumpdate);
+ if (command != 'r' && command != 'R') {
+ (void *) strcat(dirfile, "-XXXXXX");
+ fd = mkstemp(dirfile);
+ } else
+ fd = open(dirfile, O_RDWR|O_CREAT|O_EXCL, 0666);
+ if (fd == -1 || (df = fdopen(fd, "w")) == NULL) {
+ if (fd != -1)
+ close(fd);
fprintf(stderr,
"restore: %s - cannot create directory temporary\n",
dirfile);
@@ -154,9 +161,15 @@ extractdirs(genmode)
done(1);
}
if (genmode != 0) {
- (void) sprintf(modefile, "%s/rstmode%d", _PATH_TMP, dumpdate);
- mf = fopen(modefile, "w");
- if (mf == NULL) {
+ (void) sprintf(modefile, "%srstmode%d", _PATH_TMP, dumpdate);
+ if (command != 'r' && command != 'R') {
+ (void *) strcat(modefile, "-XXXXXX");
+ fd = mkstemp(modefile);
+ } else
+ fd = open(modefile, O_RDWR|O_CREAT|O_EXCL, 0666);
+ if (fd == -1 || (mf = fdopen(fd, "w")) == NULL) {
+ if (fd != -1)
+ close(fd);
fprintf(stderr,
"restore: %s - cannot create modefile \n",
modefile);
@@ -239,8 +252,9 @@ treescan(pname, ino, todo)
* begin search through the directory
* skipping over "." and ".."
*/
- (void) strncpy(locname, pname, MAXPATHLEN);
- (void) strncat(locname, "/", MAXPATHLEN);
+ (void) strncpy(locname, pname, sizeof(locname) - 1);
+ locname[sizeof(locname) - 1] = '\0';
+ (void) strncat(locname, "/", sizeof(locname) - strlen(locname));
namelen = strlen(locname);
rst_seekdir(dirp, itp->t_seekpt, itp->t_seekpt);
dp = rst_readdir(dirp); /* "." */
@@ -260,9 +274,9 @@ treescan(pname, ino, todo)
*/
while (dp != NULL && dp->d_ino != 0) {
locname[namelen] = '\0';
- if (namelen + dp->d_namlen >= MAXPATHLEN) {
+ if (namelen + dp->d_namlen >= sizeof(locname)) {
fprintf(stderr, "%s%s: name exceeds %d char\n",
- locname, dp->d_name, MAXPATHLEN);
+ locname, dp->d_name, sizeof(locname) - 1);
} else {
(void) strncat(locname, dp->d_name, (int)dp->d_namlen);
treescan(locname, dp->d_ino, todo);
@@ -585,7 +599,13 @@ setdirmodes(flags)
char *cp;
vprintf(stdout, "Set directory mode, owner, and times.\n");
- (void) sprintf(modefile, "%s/rstmode%d", _PATH_TMP, dumpdate);
+ if (command == 'r' || command == 'R')
+ (void) sprintf(modefile, "%srstmode%d", _PATH_TMP, dumpdate);
+ if (modefile[0] == '#') {
+ panic("modefile not defined\n");
+ fprintf(stderr, "directory mode, owner, and times not set\n");
+ return;
+ }
mf = fopen(modefile, "r");
if (mf == NULL) {
fprintf(stderr, "fopen: %s\n", strerror(errno));
@@ -640,7 +660,7 @@ genliteraldir(name, ino)
itp = inotablookup(ino);
if (itp == NULL)
panic("Cannot find directory inode %d named %s\n", ino, name);
- if ((ofile = creat(name, 0666)) < 0) {
+ if ((ofile = open(name, O_WRONLY | O_CREAT | O_TRUNC, 0666)) < 0) {
fprintf(stderr, "%s: ", name);
(void) fflush(stderr);
fprintf(stderr, "cannot create file: %s\n", strerror(errno));
diff --git a/sbin/restore/main.c b/sbin/restore/main.c
index 936116e319b8..a45994552353 100644
--- a/sbin/restore/main.c
+++ b/sbin/restore/main.c
@@ -82,13 +82,18 @@ main(argc, argv)
{
int ch;
ino_t ino;
- char *inputdev = _PATH_DEFTAPE;
+ char *inputdev;
char *symtbl = "./restoresymtable";
char *p, name[MAXPATHLEN];
+ /* Temp files should *not* be readable. We set permissions later. */
+ (void) umask(077);
+
if (argc < 2)
usage();
+ if ((inputdev = getenv("TAPE")) == NULL)
+ inputdev = _PATH_DEFTAPE;
obsolete(&argc, &argv);
while ((ch = getopt(argc, argv, "b:cdf:himNRrs:tvxy")) != EOF)
switch(ch) {
diff --git a/sbin/restore/tape.c b/sbin/restore/tape.c
index fcf41e85ea2c..7aae76daa715 100644
--- a/sbin/restore/tape.c
+++ b/sbin/restore/tape.c
@@ -583,7 +583,8 @@ extractfile(name)
skipfile();
return (GOOD);
}
- if ((ofile = creat(name, 0666)) < 0) {
+ if ((ofile = open(name, O_WRONLY | O_CREAT | O_TRUNC,
+ 0666)) < 0) {
fprintf(stderr, "%s: cannot create file: %s\n",
name, strerror(errno));
skipfile();