Duncaen / OpenDoas

A portable fork of the OpenBSD `doas` command

timestamp create predictable path #122

Closed mckaygerhard closed 1 year ago

mckaygerhard commented 1 year ago

TIMESTAMP_DIR is predictable to attacks

https://github.com/Duncaen/OpenDoas/blob/b96106b7e34ac591ae78b1684e9be3a265122463/timestamp.c#L89

Can we create a random dir under this to improve security?

Duncaen commented 1 year ago

That would not work since we need to be able to find the timestamp files to be able to make use of them. There would also be no benefit; we rely on and check that the directory has the right owner and mode.

mckaygerhard commented 1 year ago

@Duncaen the only check I can see is https://github.com/Duncaen/OpenDoas/blob/b96106b7e34ac591ae78b1684e9be3a265122463/timestamp.c#L289C11-L289C60 and also in line 120. There's no owner check or similar.

Duncaen commented 1 year ago

I don't get what you are trying to say. There are checks for the directory being owned by root and the mode being 0700, and checks for the timestamp file being owned by root, the group being the user's gid and the mode being 0000.

Line 120 is opening a file in /proc; I don't see how this is related at all.
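
The owner and mode policy described in the replies above, written out as an added example (not OpenDoas code and not part of the thread), showing why a predictable path is harmless when a pre-created or re-permissioned directory is rejected. The function names are hypothetical, and opening with `O_NOFOLLOW` then validating with `fstat()` is an assumed way of applying the policy, not taken from `timestamp.c`.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helpers; only the policy values come from the thread. */

/* Directory: a real directory, owned by root, mode exactly 0700. */
int ts_dir_ok(const struct stat *st)
{
	return S_ISDIR(st->st_mode) && st->st_uid == 0 &&
	    (st->st_mode & 07777) == 0700;
}

/* Timestamp file: regular file, owned by root, group equal to the
 * invoking user's gid, mode exactly 0000. */
int ts_file_ok(const struct stat *st, gid_t user_gid)
{
	return S_ISREG(st->st_mode) && st->st_uid == 0 &&
	    st->st_gid == user_gid && (st->st_mode & 07777) == 0000;
}

/* Open without following a symlink and check the descriptor itself,
 * so the object validated is the object later used.
 * Returns an fd on success, -1 if the path fails the policy. */
int ts_open_dir(const char *path)
{
	struct stat st;
	int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);

	if (fd == -1)
		return -1;
	if (fstat(fd, &st) == -1 || !ts_dir_ok(&st)) {
		close(fd);
		return -1;
	}
	return fd;
}

/* Usage: ./a.out DIR   (exit status 0 if DIR passes the policy) */
int main(int argc, char **argv)
{
	int fd = argc > 1 ? ts_open_dir(argv[1]) : -1;
	if (fd != -1) close(fd);
	return fd == -1;
}
```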