NetBSD Problem Report #44546

From cross@distal.com  Thu Feb 10 16:59:39 2011
Return-Path: <cross@distal.com>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by www.NetBSD.org (Postfix) with ESMTP id AD78D63B842
	for <gnats-bugs@gnats.NetBSD.org>; Thu, 10 Feb 2011 16:59:38 +0000 (UTC)
Message-Id: <20110210165930.D24BC3D84@skaro.distal.com>
Date: Thu, 10 Feb 2011 11:59:30 -0500 (EST)
From: Chris Ross <cross+netbsd@distal.com>
Reply-To: Chris Ross <cross+netbsd@distal.com>
To: gnats-bugs@gnats.NetBSD.org
Subject: Bug in /etc/security causes false-positive "root path includes ."
X-Send-Pr-Version: 3.95

>Number:         44546
>Category:       security
>Synopsis:       Bug in /etc/security causes false-positive report of root path includes .
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    security-officer
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Feb 10 17:00:01 +0000 2011
>Closed-Date:    Sun Jun 17 20:41:42 +0000 2012
>Last-Modified:  Sun Jun 17 20:41:42 +0000 2012
>Originator:     Chris Ross
>Release:        NetBSD 5.99.45
>Organization:
>Environment:
System: NetBSD skaro.distal.com 5.99.45 NetBSD 5.99.45 (GENERIC) #0: Mon Feb 7 17:55:57 EST 2011 cross@skaro.distal.com:/data/obj/NetBSD.i386/data/NetBSD/src/sys/arch/i386/compile/GENERIC i386
Architecture: i386
Machine: i386
>Description:
	The change from `` to $() in /etc/security improperly escaped the
special characters in the heredoc shell script.  This causes the variable
to contain no data, and the succeeding ls command merely lists the current .,
causing a [false] positive report.
	This affects both the checks of /etc/profile and /root/.profile.
>How-To-Repeat:
	sh /etc/security
>Fix:
Index: etc/security
===================================================================
RCS file: /cvsroot/src/etc/security,v
retrieving revision 1.109
diff -u -r1.109 security
--- security	27 Dec 2010 03:38:52 -0000	1.109
+++ security	10 Feb 2011 16:58:42 -0000
@@ -408,8 +408,8 @@
 			unset PATH
 			/bin/sh << end-of-sh > /dev/null 2>&1
 				. $i
-				list=\$\(echo \$PATH | /usr/bin/sed -e \
-				    's/^:/.:/;s/:$/:./;s/::/:.:/g;s/:/ /g'\)
+				list=\$(echo \$PATH | /usr/bin/sed -e \
+				    's/^:/.:/;s/:$/:./;s/::/:.:/g;s/:/ /g')
 				/bin/ls -ldgT \$list > $TMP1
 end-of-sh
 			export PATH=$SAVE_PATH

>Release-Note:

>Audit-Trail:
From: Chris Ross <cross+netbsd@distal.com>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: security/44546: Bug in /etc/security causes false-positive "root
 path includes ."
Date: Thu, 10 Feb 2011 12:13:10 -0500

    Oops.  I screwed up the submission.  This shouldn't be 
 "Confidential".  If someone could change it, that'd be fine with me.

           - Chris

 On 02/10/2011 12:00 PM, gnats-admin@NetBSD.org wrote:
 > 	Note: There was a bad value `' for the field `Confidential'.
 > 	It was set to the default value of `yes'.
 >
 > Thank you very much for your problem report.
 > It has the internal identification `security/44546'.
 > The individual assigned to look at your
 > report is: security-officer.
 >
 >> Category:       security
 >> Responsible:    security-officer
 >> Synopsis:       Bug in /etc/security causes false-positive report of root path includes .
 >> Arrival-Date:   Thu Feb 10 17:00:01 +0000 2011

State-Changed-From-To: open->closed
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Sun, 17 Jun 2012 20:41:42 +0000
State-Changed-Why:
Christos fixed it in March 2011


>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.