133 – Possible security problem with openldap install

Issue 133 - Possible security problem with openldap install

Summary: Possible security problem with openldap install

Status:	VERIFIED FIXED

Alias:	None

Product:	OpenLDAP
Classification:	Unclassified
Component:	build (show other issues)
Version:	unspecified
Hardware:	All All

Importance:	--- normal
Target Milestone:	---
Assignee:	OpenLDAP project

URL:
Keywords:

Depends on:
Blocks:

Reported:	1999-04-20 15:46 UTC by lannert@lannert.rz.uni-duesseldorf.de
Modified:	2014-08-01 21:05 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.

Description lannert@lannert.rz.uni-duesseldorf.de 1999-04-20 15:46:47 UTC

Hi,

I'm already using openldap-1.2 on a Linux and on a Sunos4 system. But
when I had a close look at the "make install" log I noticed that some
auxiliary files are created in /tmp, with predictable names like
"xrpcomp.tmp".

Since the installation usually has to be done by root, this is a
possible security hazard: someone could create a symbolic link, like for
instance "ln -s /etc/passwd /tmp/xrpcomp.tmp" and wait for the
administrator to (re)install openldap. Although this won't happen to
often, it may still be predictable on a system where openldap exists
and gets updated from time to time, or where the installation of an
ldap server was announced. The administrator would then overwrite an
arbitrary file on his/her system with all the dire consequences this
may have.

I'd therefore suggest to either remove all temporarily created files
before using them (but this is only a partial solution as it opens up
a race condition) or, better still, only create files in directories
which are not writable by ordinary users. You might create (and later
on delete) a temporary subdirectory of the ldap build directory, for
instance.

Although I'm complaining, let me say a big "thank you" for the good
work you've done!

  Detlef

Comment 1 Kurt Zeilenga 1999-04-20 17:10:04 UTC

I believe this issue has already been resolved in -devel.
Our next release should include the changes.  You are
encourged to verify that -devel has all such instances
have been fixed.

Kurt

At 03:47 PM 4/20/99 GMT, lannert@uni-duesseldorf.de wrote:
>Hi,
>
>I'm already using openldap-1.2 on a Linux and on a Sunos4 system. But
>when I had a close look at the "make install" log I noticed that some
>auxiliary files are created in /tmp, with predictable names like
>"xrpcomp.tmp".
>
>Since the installation usually has to be done by root, this is a
>possible security hazard: someone could create a symbolic link, like for
>instance "ln -s /etc/passwd /tmp/xrpcomp.tmp" and wait for the
>administrator to (re)install openldap. Although this won't happen to
>often, it may still be predictable on a system where openldap exists
>and gets updated from time to time, or where the installation of an
>ldap server was announced. The administrator would then overwrite an
>arbitrary file on his/her system with all the dire consequences this
>may have.
>
>I'd therefore suggest to either remove all temporarily created files
>before using them (but this is only a partial solution as it opens up
>a race condition) or, better still, only create files in directories
>which are not writable by ordinary users. You might create (and later
>on delete) a temporary subdirectory of the ldap build directory, for
>instance.
>
>Although I'm complaining, let me say a big "thank you" for the good
>work you've done!
>
>  Detlef
>
>
>

Comment 2 Kurt Zeilenga 1999-04-20 23:04:37 UTC

changed notes
changed state Open to Test

Comment 3 Kurt Zeilenga 1999-04-20 23:04:51 UTC

moved from Incoming to Software Bugs

Comment 4 Kurt Zeilenga 1999-06-03 02:55:21 UTC

moved from Software Bugs to Build

Comment 5 Kurt Zeilenga 2000-04-19 06:10:41 UTC

changed notes
changed state Test to Closed

Comment 6 OpenLDAP project 2014-08-01 21:05:08 UTC

Believed fix in -devel.
Dead.