You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
gentoo-overlay/net-analyzer/ndoutils/files/secure-install-permissions....

184 lines
6.7 KiB

From 18ef12037f4a68772d6840cbaa08aa2da07d2891 Mon Sep 17 00:00:00 2001
From: Michael Orlitzky <michael@orlitzky.com>
Date: Sat, 2 Mar 2024 19:30:54 -0500
Subject: [PATCH 1/2] configure.ac: don't install binaries as
ndo2db_user:ndo2db_group
In configure.ac we were adding two flags to INSTALL_OPTS that change
the owner:group of all installed files to ndo2db_user:ndo2db_group.
This is often a security vulnerability, since executables (we have a
few) are typically installed into everyone's PATH. If root ever
executes them, the ndo2db_user can take advantage of the situation to
run malicious code as root.
Fortunately the change in ownership is not really needed. We simply
drop the INSTALL_OPTS, which are used for nothing else, allowing our
files to be installed as the user who is doing the installing. When
installing to one of the system PATHs, that will almost always be
root.
---
Makefile.in | 9 ++++-----
configure.ac | 2 --
docs/docbook/en-en/Makefile.in | 1 -
src/Makefile.in | 31 +++++++++++++++----------------
4 files changed, 19 insertions(+), 24 deletions(-)
diff --git a/Makefile.in b/Makefile.in
index 58c9f0f..68774c2 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -37,7 +37,6 @@ INSTALL=@INSTALL@
GREP=@GREP@
EGREP=@EGREP@
-INSTALL_OPTS=@INSTALL_OPTS@
OPSYS=@opsys@
DIST=@dist_type@
@@ -98,10 +97,10 @@ install:
@echo ""
install-config:
- $(INSTALL) -m 775 $(INSTALL_OPTS) -d $(DESTDIR)$(CFGDIR)
- $(INSTALL) -m 775 $(INSTALL_OPTS) -d $(DESTDIR)$(PIPEDIR)
- $(INSTALL) -m 644 $(INSTALL_OPTS) config/ndo2db.cfg-sample $(DESTDIR)$(CFGDIR)
- $(INSTALL) -m 644 $(INSTALL_OPTS) config/ndomod.cfg-sample $(DESTDIR)$(CFGDIR)
+ $(INSTALL) -m 775 -d $(DESTDIR)$(CFGDIR)
+ $(INSTALL) -m 775 -d $(DESTDIR)$(PIPEDIR)
+ $(INSTALL) -m 644 config/ndo2db.cfg-sample $(DESTDIR)$(CFGDIR)
+ $(INSTALL) -m 644 config/ndomod.cfg-sample $(DESTDIR)$(CFGDIR)
@echo ""
@echo "*** Config files installed ***"
@echo ""
diff --git a/configure.ac b/configure.ac
index 58b47a4..3279397 100644
--- a/configure.ac
+++ b/configure.ac
@@ -317,8 +317,6 @@ AC_ARG_WITH(ndo2db_user,AC_HELP_STRING([--with-ndo2db-user=<user>],[sets user na
AC_ARG_WITH(ndo2db_group,AC_HELP_STRING([--with-ndo2db-group=<group>],[sets group name to run NDO2DB]),ndo2db_group=$withval,ndo2db_group=nagios)
AC_SUBST(ndo2db_user)
AC_SUBST(ndo2db_group)
-INSTALL_OPTS="-o $ndo2db_user -g $ndo2db_group"
-AC_SUBST(INSTALL_OPTS)
dnl Does the user want to check for systemd?
diff --git a/docs/docbook/en-en/Makefile.in b/docs/docbook/en-en/Makefile.in
index d72b68c..29e1e1e 100644
--- a/docs/docbook/en-en/Makefile.in
+++ b/docs/docbook/en-en/Makefile.in
@@ -13,7 +13,6 @@ BINDIR=@bindir@
LIBEXECDIR=@libexecdir@
DATAROOTDIR=@datarootdir@
INSTALL=@INSTALL@
-INSTALL_OPTS=@INSTALL_OPTS@
all:
diff --git a/src/Makefile.in b/src/Makefile.in
index 532cc82..352a768 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -26,7 +26,6 @@ exec_prefix=@exec_prefix@
PIPEDIR=@localstatedir@
BINDIR=@bindir@
INSTALL=@INSTALL@
-INSTALL_OPTS=@INSTALL_OPTS@
CC=@CC@
@@ -126,9 +125,9 @@ distclean: clean
devclean: distclean
install: install-4x
- $(INSTALL) -m 774 $(INSTALL_OPTS) file2sock $(DESTDIR)$(BINDIR)
- $(INSTALL) -m 774 $(INSTALL_OPTS) log2ndo $(DESTDIR)$(BINDIR)
- $(INSTALL) -m 774 $(INSTALL_OPTS) sockdebug $(DESTDIR)$(BINDIR)
+ $(INSTALL) -m 774 file2sock $(DESTDIR)$(BINDIR)
+ $(INSTALL) -m 774 log2ndo $(DESTDIR)$(BINDIR)
+ $(INSTALL) -m 774 sockdebug $(DESTDIR)$(BINDIR)
@echo ""
@echo " Hint: NDOUtils Installation against Nagios v4.x"
@echo " completed."
@@ -147,20 +146,20 @@ install: install-4x
@echo ""
install-2x:
- $(INSTALL) -m 775 $(INSTALL_OPTS) -d $(DESTDIR)$(PIPEDIR)
- $(INSTALL) -m 775 $(INSTALL_OPTS) -d $(DESTDIR)$(BINDIR)
- $(INSTALL) -m 755 $(INSTALL_OPTS) ndo2db-2x $(DESTDIR)$(BINDIR)/ndo2db
- $(INSTALL) -m 755 $(INSTALL_OPTS) ndomod-2x.o $(DESTDIR)$(BINDIR)/ndomod.o
+ $(INSTALL) -m 775 -d $(DESTDIR)$(PIPEDIR)
+ $(INSTALL) -m 775 -d $(DESTDIR)$(BINDIR)
+ $(INSTALL) -m 755 ndo2db-2x $(DESTDIR)$(BINDIR)/ndo2db
+ $(INSTALL) -m 755 ndomod-2x.o $(DESTDIR)$(BINDIR)/ndomod.o
install-3x:
- $(INSTALL) -m 775 $(INSTALL_OPTS) -d $(DESTDIR)$(PIPEDIR)
- $(INSTALL) -m 775 $(INSTALL_OPTS) -d $(DESTDIR)$(BINDIR)
- $(INSTALL) -m 755 $(INSTALL_OPTS) ndo2db-3x $(DESTDIR)$(BINDIR)/ndo2db
- $(INSTALL) -m 755 $(INSTALL_OPTS) ndomod-3x.o $(DESTDIR)$(BINDIR)/ndomod.o
+ $(INSTALL) -m 775 -d $(DESTDIR)$(PIPEDIR)
+ $(INSTALL) -m 775 -d $(DESTDIR)$(BINDIR)
+ $(INSTALL) -m 755 ndo2db-3x $(DESTDIR)$(BINDIR)/ndo2db
+ $(INSTALL) -m 755 ndomod-3x.o $(DESTDIR)$(BINDIR)/ndomod.o
install-4x:
- $(INSTALL) -m 775 $(INSTALL_OPTS) -d $(DESTDIR)$(PIPEDIR)
- $(INSTALL) -m 775 $(INSTALL_OPTS) -d $(DESTDIR)$(BINDIR)
- $(INSTALL) -m 755 $(INSTALL_OPTS) ndo2db-4x $(DESTDIR)$(BINDIR)/ndo2db
- $(INSTALL) -m 755 $(INSTALL_OPTS) ndomod-4x.o $(DESTDIR)$(BINDIR)/ndomod.o
+ $(INSTALL) -m 775 -d $(DESTDIR)$(PIPEDIR)
+ $(INSTALL) -m 775 -d $(DESTDIR)$(BINDIR)
+ $(INSTALL) -m 755 ndo2db-4x $(DESTDIR)$(BINDIR)/ndo2db
+ $(INSTALL) -m 755 ndomod-4x.o $(DESTDIR)$(BINDIR)/ndomod.o
--
2.43.0
From 69a80d6a9bf1196ffcfffa7f756633bb13a62b5f Mon Sep 17 00:00:00 2001
From: Michael Orlitzky <michael@orlitzky.com>
Date: Sat, 2 Mar 2024 19:52:47 -0500
Subject: [PATCH 2/2] src/Makefile.in: install all executables with mode 0755
Three executables -- file2sock, log2ndo, and sockdebug -- are
currently being installed group-writable but not
world-executable. This is in contrast with the other two executables,
ndo2db and ndomod.o, that are installed mode 0755.
Having recently removed the INSTALL_OPTS that were altering the
owner:group of these files, there is no longer any security risk to
mode 0774. However, 0755 is more consistent with both the rest of our
executables, and with the typical permissions on /usr/bin that arise
from the (extremely common) umask of 0022.
We change these three to 0755 for a little bit of extra peace of mind.
changes. Lines starting # with '#' will be ignored, and an empty
message aborts the commit. # # Date: Sat Mar 2 19:52:47 2024 -0500 #
src/Makefile.in #
---
src/Makefile.in | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/Makefile.in b/src/Makefile.in
index 352a768..e6a1816 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -125,9 +125,9 @@ distclean: clean
devclean: distclean
install: install-4x
- $(INSTALL) -m 774 file2sock $(DESTDIR)$(BINDIR)
- $(INSTALL) -m 774 log2ndo $(DESTDIR)$(BINDIR)
- $(INSTALL) -m 774 sockdebug $(DESTDIR)$(BINDIR)
+ $(INSTALL) -m 755 file2sock $(DESTDIR)$(BINDIR)
+ $(INSTALL) -m 755 log2ndo $(DESTDIR)$(BINDIR)
+ $(INSTALL) -m 755 sockdebug $(DESTDIR)$(BINDIR)
@echo ""
@echo " Hint: NDOUtils Installation against Nagios v4.x"
@echo " completed."
--
2.43.0