Package: webfs / 1.21+ds1-12

80_cve_2013_0347.diff Patch series | download
Description: CVE-2013-0347, webfs world-readable logdir
 The log file is created with world-readable
 permissions by default, which poses a potential
 security issue.
 .
 Temporarily set a stricter umask of 0137,
 then open the log file in append mode. This
 removes world access from a newly created
 file.
Author: Mats Erik Andersson <debian@gisladisker.se>
Bug-Debian: http://bugs.debian.org/701638
Forwarded: not-needed
Last-Update: 2013-10-07

--- webfs-1.21+ds1.debian/webfsd.c
+++ webfs-1.21+ds1/webfsd.c
@@ -11,6 +11,7 @@
 #include <grp.h>
 #include <sys/time.h>
 #include <sys/types.h>
+#include <sys/stat.h>
 #include <sys/wait.h>
 #include <sys/signal.h>
 #include <sys/utsname.h>
@@ -379,15 +380,19 @@ mainloop(void *thread_arg)
     for (;!termsig;) {
 	if (got_sighup) {
 	    if (NULL != logfile && 0 != strcmp(logfile,"-")) {
+		mode_t mask;
+
 		if (debug)
 		    fprintf(stderr,"got SIGHUP, reopen logfile %s\n",logfile);
 		DO_LOCK(lock_logfile);
 		if (logfh)
 		    fclose(logfh);
+		mask = umask(0137);
 		if (NULL == (logfh = fopen(logfile,"a")))
 		    xperror(LOG_WARNING,"reopen access log",NULL);
 		else
 		    close_on_exec(fileno(logfh));
+		(void) umask(mask);
 		DO_UNLOCK(lock_logfile);
 	    }
 	    got_sighup = 0;
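Review bot: umask() is process-wide state, and mainloop takes a `void *thread_arg` and guards the log with DO_LOCK, so it appears to run as one of several threads; between `umask(0137)` and the restoring `umask(mask)`, any file another thread creates would also get the temporary mask. Creating the file with an explicit mode avoids touching the mask at all: `open()` with `O_CREAT` and mode 0640, then `fdopen()`, as sketched below (this needs `<fcntl.h>`, whose inclusion is not visible in the hunk). The same save/restore pattern is added in main() in the last hunk, where it is presumably harmless if no threads have been started yet. Either approach only restricts a log file that is newly created, as the description says; a log already present with world-readable permissions stays that way until it is chmod'ed once, for example in the package's upgrade step. The enclosing loop body continues outside the hunk.

```c
		int fd;

		/* … unchanged: debug message, DO_LOCK, fclose of the old logfh … */
		logfh = NULL;	/* do not keep the closed stream if the reopen fails */
		fd = open(logfile, O_WRONLY|O_APPEND|O_CREAT, 0640);
		if (-1 != fd)
		    logfh = fdopen(fd,"a");
		if (NULL == logfh) {
		    xperror(LOG_WARNING,"reopen access log",NULL);
		    if (-1 != fd)
			close(fd);
		} else
		    close_on_exec(fileno(logfh));
		DO_UNLOCK(lock_logfile);
```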
@@ -916,10 +921,13 @@ main(int argc, char *argv[])
 	if (0 == strcmp(logfile,"-")) {
 	    logfh = stdout;
 	} else {
+	    mode_t mask = umask(0137);
+
 	    if (NULL == (logfh = fopen(logfile,"a")))
 		xperror(LOG_WARNING,"open access log",NULL);
 	    else
 		close_on_exec(fileno(logfh));
+	    (void) umask(mask);
 	}
     }