[cmaster-next] Snapcraft_v2 branch ready for merge into stable/2.0
David Lamparter
david at opensourcerouting.org
Thu Dec 15 16:41:09 EST 2016
On Thu, Dec 15, 2016 at 05:06:36PM +0700, Martin Winter wrote:
> On 15 Dec 2016, at 0:41, David Lamparter wrote:
> > This is a hard no-go. vtysh.conf contains authentication-related
> > options which can be used together with setting vtysh SGID to
> > quaggavty.
[...]
>
> Crap.
>
> Any suggestion on how to get this done? Location is unknown at compile
> time.
>
> Only thought I have is to only allow the override if run as root?
> Any better idea?
I think we need something like:
    int restricted = (getuid() != geteuid()) || (getgid() != getegid());
    ...
    if (!restricted) ...
We can also use that for restricting other options, though I think we're
mostly OK there. We should add access() calls on markfile & dryrun,
because we also have "arbitrary file reading" vulnerabilities there.
VTYSH_LOG is also a big problem.
All in all, we are not secure for vtysh-as-SGID setups to begin with, so
this didn't make it much worse, but I don't want to make it slightly
worse either...
-David
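
The check sketched in the message above, as an added example that is not part of the original mail or of the project's code. The helper names, the EXAMPLE_VTYSH_CONF variable and the paths are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* The check from the mail as a pure function, so both ID pairs can be tested. */
static int ids_differ(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return (ruid != euid) || (rgid != egid);
}

/* Nonzero when the binary runs SUID/SGID, i.e. with IDs the caller lacks. */
static int is_restricted(void)
{
    return ids_differ(getuid(), geteuid(), getgid(), getegid());
}

/* Hypothetical helper: honour a caller-supplied config path only when the
 * process holds no extra privilege; otherwise keep the built-in path. */
static const char *pick_config(int restricted, const char *override,
                               const char *builtin)
{
    return (override && !restricted) ? override : builtin;
}

/* Hypothetical helper for caller-named input files. access() tests the
 * REAL uid/gid, so a file readable only through the SGID group is refused.
 * The check and the open() are two steps, so a path swapped in between is
 * not caught; dropping the effective IDs around open() closes that gap. */
static int open_user_file(const char *path)
{
    if (access(path, R_OK) != 0)
        return -1;
    return open(path, O_RDONLY);
}

int main(int argc, char **argv)
{
    int restricted = is_restricted();
    /* EXAMPLE_VTYSH_CONF and both paths are made-up names for this sketch. */
    const char *conf = pick_config(restricted, getenv("EXAMPLE_VTYSH_CONF"),
                                   "/etc/example/vtysh.conf");
    printf("restricted=%d config=%s\n", restricted, conf);
    if (argc > 1 && open_user_file(argv[1]) < 0)
        fprintf(stderr, "refusing %s for the invoking user\n", argv[1]);
    return 0;
}
```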