Re: (ITS#8328) Information leak in slapo-auditlog
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#8328) Information leak in slapo-auditlog
- From: hyc@symas.com
- Date: Thu, 03 Dec 2015 20:11:00 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
moritz@wikimedia.org wrote:
> Full_Name: Moritz Mühlenhoff
> Version: 2.4.40
> OS: Debian
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (91.96.145.189)
>
>
> I set up a test system which made use of the slapo-auditlog overlay using these
> config options:
>
> moduleload auditlog
> overlay auditlog
> auditlog /var/lib/ldap/slapd-audit.log
>
> The /var/lib/ldap/slapd-audit.log was created with world-readable permissions,
> which constitutes a security issue since that file also logs sensitive
> attributes which are otherwise protected by ACLs (such as password hashes).
>
>
> Proposed patch:
>
> diff -aur openldap-2.4.40+dfsg.orig/servers/slapd/overlays/auditlog.c
> openldap-2.4.40+dfsg/rvrvers/slapd/overlays/auditlog.c
> --- openldap-2.4.40+dfsg.orig/servers/slapd/overlays/auditlog.c 2014-09-19
> 01:48:49.000000000 +0000
> +++ openldap-2.4.40+dfsg/servers/slapd/overlays/auditlog.c 2015-12-02
> 11:08:24.331146770 +0000
> @@ -121,6 121,7 @@
>
> peername = op->o_conn->c_peer_name;
> ldap_pvt_thread_mutex_lock(&ad->ad_mutex);
> + umask(027);
> if((f = fopen(ad->ad_logfile, "a")) == NULL) {
> ldap_pvt_thread_mutex_unlock(&ad->ad_mutex);
> return SLAP_CB_CONTINUE;
>
>
>
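Review bot: the `umask(027)` added before the `fopen()` changes process-wide state on every logged operation and is never restored, so every file any slapd thread creates afterwards inherits the tighter mask (the `ad_mutex` held here serialises only this overlay, not the rest of slapd). If the mode must be enforced in code rather than in the startup environment, create the file with an explicit mode instead, e.g. `fd = open(ad->ad_logfile, O_WRONLY|O_CREAT|O_APPEND, 0640);` followed by `f = fdopen(fd, "a");`, which touches no global state. Separately, the hunk header `@@ -121,6 121,7 @@` is missing the `+` before the new-file range and the `diff` command line reads `rvrvers` for `servers`, so the patch as posted will not apply cleanly.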
The patch is unacceptable; umask() is process-wide and persistent. No slapd
code should be overriding any umask that may have been set when slapd was
launched.
The correct fix for this is to set the desired umask in whatever startup
script you use to start slapd. Closing this ITS.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
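The mechanism behind the report and the fix Howard Chu points to, as an added shell example that is not part of the ITS thread or of OpenLDAP: a file created through fopen(3) gets mode 0666 masked by the umask slapd inherited, so the startup environment, not the overlay, decides whether the audit log is world-readable. The temporary paths are constructed for the demo, and the slapd binary path in the wrapper is an assumption (Debian's usual location); the real log path in the report is /var/lib/ldap/slapd-audit.log.

```shell
#!/bin/sh
# Added example, not code from the ITS thread or from OpenLDAP.
# (1) mode_under_umask: the mode a freshly created file gets under a given
#     umask, emulating what the auditlog overlay's fopen(path, "a") does;
# (2) is_world_readable: the check that flags the condition in the report;
# (3) start_slapd_restricted: the startup-script fix, set the umask and exec.
# Temp paths are constructed for the demo; /usr/sbin/slapd is an assumption.

# Print the octal mode a new file gets under umask $1.
# ': >' creates the file exactly like fopen(path, "a"): mode 0666 & ~umask.
mode_under_umask() {
    d=$(mktemp -d)
    ( umask "$1"; : > "$d/audit.log" )
    m=$(stat -c %a "$d/audit.log" 2>/dev/null || stat -f %Lp "$d/audit.log")
    rm -rf "$d"
    printf '%s\n' "$m"
}

# True (exit 0) when $1 is readable by "other": the r bit (4) is set in the
# last octal digit. A 0644 audit log full of password hashes trips this.
is_world_readable() {
    m=$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1")
    o=$(( m % 10 ))
    [ $(( o & 4 )) -ne 0 ]
}

# Wrapper for a startup script: every file slapd creates afterwards,
# the audit log included, is restricted to owner and group.
start_slapd_restricted() {
    umask 027
    exec /usr/sbin/slapd "$@"   # assumed path; adjust for your install
}

# Demo: the same fopen-style creation under three inherited umasks.
for u in 022 027 077; do
    printf 'umask %s -> new audit log mode %s\n' "$u" "$(mode_under_umask "$u")"
done
```

Run the script to see that a default umask of 022 yields a 0644 log (readable by everyone), while 027 or 077 in the environment that launches slapd closes the leak without touching the overlay; `is_world_readable /var/lib/ldap/slapd-audit.log` is the one-line check to add to a deployment audit.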