Hi,

I'm already using openldap-1.2 on a Linux and on a Sunos4 system. But when I had a close look at the "make install" log I noticed that some auxiliary files are created in /tmp, with predictable names like "xrpcomp.tmp".

Since the installation usually has to be done by root, this is a possible security hazard: someone could create a symbolic link, like for instance "ln -s /etc/passwd /tmp/xrpcomp.tmp" and wait for the administrator to (re)install openldap. Although this won't happen too often, it may still be predictable on a system where openldap exists and gets updated from time to time, or where the installation of an ldap server was announced. The administrator would then overwrite an arbitrary file on his/her system with all the dire consequences this may have.

I'd therefore suggest to either remove all temporarily created files before using them (but this is only a partial solution as it opens up a race condition) or, better still, only create files in directories which are not writable by ordinary users. You might create (and later on delete) a temporary subdirectory of the ldap build directory, for instance.

Although I'm complaining, let me say a big "thank you" for the good work you've done!

Detlef
I believe this issue has already been resolved in -devel. Our next release should include the changes. You are encouraged to verify that -devel has all such instances fixed.

Kurt

At 03:47 PM 4/20/99 GMT, lannert@uni-duesseldorf.de wrote:
>Hi,
>
>I'm already using openldap-1.2 on a Linux and on a Sunos4 system. But
>when I had a close look at the "make install" log I noticed that some
>auxiliary files are created in /tmp, with predictable names like
>"xrpcomp.tmp".
>
>Since the installation usually has to be done by root, this is a
>possible security hazard: someone could create a symbolic link, like for
>instance "ln -s /etc/passwd /tmp/xrpcomp.tmp" and wait for the
>administrator to (re)install openldap. Although this won't happen too
>often, it may still be predictable on a system where openldap exists
>and gets updated from time to time, or where the installation of an
>ldap server was announced. The administrator would then overwrite an
>arbitrary file on his/her system with all the dire consequences this
>may have.
>
>I'd therefore suggest to either remove all temporarily created files
>before using them (but this is only a partial solution as it opens up
>a race condition) or, better still, only create files in directories
>which are not writable by ordinary users. You might create (and later
>on delete) a temporary subdirectory of the ldap build directory, for
>instance.
>
>Although I'm complaining, let me say a big "thank you" for the good
>work you've done!
>
> Detlef
changed notes changed state Open to Test
moved from Incoming to Software Bugs
moved from Software Bugs to Build
changed notes changed state Test to Closed
Believed fix in -devel. Dead.
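
The fixed-name pattern reported in this thread beside the private-subdirectory approach suggested in it, as an added example that is not part of the original messages or of OpenLDAP's build scripts. The function names and the sandbox layout are hypothetical; everything runs inside a constructed scratch directory, with "shared" standing in for /tmp.

```shell
#!/bin/sh
# Added example; scratch_unsafe, scratch_safe and demo are hypothetical names.

# Unsafe pattern: fixed file name in a directory other users can write to.
# The redirection follows whatever symlink already exists at that name.
scratch_unsafe() {            # $1 = shared directory, $2 = data
    printf '%s\n' "$2" > "$1/xrpcomp.tmp"
}

# Hardened pattern: a private scratch directory (mode 0700, unpredictable
# name) created under the build directory and removed afterwards.
scratch_safe() {              # $1 = build directory, $2 = data
    work=$(mktemp -d "$1/tmp.XXXXXX") || return 1
    printf '%s\n' "$2" > "$work/xrpcomp.tmp"
    cat "$work/xrpcomp.tmp"   # stand-in for the build step that reads the file
    rm -rf "$work"
}

# Constructed sandbox: reports whether a file outside the scratch area
# survived each pattern when a link was already present at the fixed name.
demo() {                      # $1 = unsafe | safe
    box=$(mktemp -d) || return 1
    mkdir "$box/shared" "$box/build"
    echo "important" > "$box/victim"
    ln -s "$box/victim" "$box/shared/xrpcomp.tmp"
    case $1 in
        unsafe) scratch_unsafe "$box/shared" "build output" ;;
        safe)   scratch_safe "$box/build" "build output" >/dev/null ;;
    esac
    if [ "$(cat "$box/victim")" = "important" ]; then
        echo intact
    else
        echo clobbered
    fi
    rm -rf "$box"
}

echo "fixed name in shared dir:   $(demo unsafe)"
echo "private dir in build tree:  $(demo safe)"
```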