Make krb5kdc.log not world-readable by default

Resolves: #1276484
author: Robbie Harwood <rharwood@redhat.com> 2016-01-21 18:17:17 +0000
committer: Robbie Harwood <rharwood@redhat.com> 2016-01-21 19:05:45 +0000
commit: 93772ec156e5f6902e991daee94e7b1895133ecc (patch)
tree: 8f4b80fd000845b87586caad3e40567cb7d129e9
parent: 892fe9b7b5d6cb1cfe60b7996015ac2d5572ca55 (diff)
download: krb5-93772ec156e5f6902e991daee94e7b1895133ecc.tar.gz
krb5-93772ec156e5f6902e991daee94e7b1895133ecc.tar.xz
krb5-93772ec156e5f6902e991daee94e7b1895133ecc.zip
2 files changed, 70 insertions, 1 deletions
diff --git a/krb5-1.14.1-log_file_permissions.patch b/krb5-1.14.1-log_file_permissions.patch
new file mode 100644
index 0000000..2e8795b
--- /dev/null
+++ b/krb5-1.14.1-log_file_permissions.patch
@@ -0,0 +1,63 @@
+From 9914b93516bbce9b1123ed5f9f796b7028944892 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Thu, 17 Dec 2015 13:31:39 -0500
+Subject: [PATCH] Create KDC and kadmind log files with mode 0640
+
+In krb5_klog_init(), use open() and fdopen() to open log files so that
+we can specify a mode.  Specify a mode which doesn't include the
+group-write, other-read, or other-write bits even if the process umask
+allows them.
+
+[ghudson@mit.edu: wrote commit message, de-indented post-open setup
+code]
+[rharwood@redhat.com: backport not clean for some reason?]
+
+ticket: 8344 (new)
+---
+ src/lib/kadm5/logger.c | 21 ++++++++++++---------
+ 1 file changed, 12 insertions(+), 9 deletions(-)
+
+diff --git a/src/lib/kadm5/logger.c b/src/lib/kadm5/logger.c
+index 19c4355..f4a9387 100644
+
+--- a/src/lib/kadm5/logger.c	2016-01-21 18:52:52.529544902 +0000
++++ b/src/lib/kadm5/logger.c	2016-01-21 18:57:22.923972419 +0000
+@@ -354,7 +354,7 @@
+     const char  *logging_profent[3];
+     const char  *logging_defent[3];
+     char        **logging_specs;
+-    int         i, ngood;
++    int         i, ngood, fd, append;
+     char        *cp, *cp2;
+     char        savec = '\0';
+     int         error;
+@@ -422,18 +422,21 @@
+                     /*
+                      * Check for append/overwrite, then open the file.
+                      */
+-                    if (cp[4] == ':' || cp[4] == '=') {
+-                        f = WRITABLEFOPEN(&cp[5], (cp[4] == ':') ? "a" : "w");
+-                        if (f) {
+-                            set_cloexec_file(f);
+-                            log_control.log_entries[i].lfu_filep = f;
+-                            log_control.log_entries[i].log_type = K_LOG_FILE;
+-                            log_control.log_entries[i].lfu_fname = &cp[5];
+-                        } else {
++                    append = (cp[4] == ':') ? O_APPEND : 0;
++                    if (append || cp[4] == '=') {
++                        fd = open(&cp[5], O_CREAT | O_WRONLY | append,
++                                  S_IRUSR | S_IWUSR | S_IRGRP);
++                        if (fd != -1)
++                            f = fdopen(fd, append ? "a" : "w");
++                        if (fd == -1 || f == NULL) {
+                             fprintf(stderr,"Couldn't open log file %s: %s\n",
+                                     &cp[5], error_message(errno));
+                             continue;
+                         }
++                        set_cloexec_file(f);
++                        log_control.log_entries[i].lfu_filep = f;
++                        log_control.log_entries[i].log_type = K_LOG_FILE;
++                        log_control.log_entries[i].lfu_fname = &cp[5];
+                     }
+                 }
+ #ifdef  HAVE_SYSLOG
diff --git a/krb5.spec b/krb5.spec
index 39480a5..83ced18 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -13,7 +13,7 @@
 Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.14
-Release: 16%{?dist}
+Release: 17%{?dist}
 # - Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.13/krb5-1.13.2-signed.tar
 # - The sources below are stored in a lookaside cache. Upload with
@@ -60,6 +60,7 @@ Patch148: krb5-disable_ofd_locks.patch
 Patch150: krb5-fix_interposer.patch
 Patch151: krb5-mechglue_inqure_attrs.patch
 Patch152: krb5-init_context_null_spnego.patch
+Patch153: krb5-1.14.1-log_file_permissions.patch
 
 License: MIT
 URL: http://web.mit.edu/kerberos/www/
@@ -236,6 +237,7 @@ ln NOTICE LICENSE
 %patch150 -p1 -b .fix_interposer
 %patch151 -p1 -b .mechglue_inqure_attrs
 %patch152 -p1 -b .init_context_null_spnego
+%patch153 -p1 -b .log_file_permissions
 
 # Take the execute bit off of documentation.
 chmod -x doc/krb5-protocol/*.txt doc/ccapi/*.html
@@ -766,6 +768,10 @@ exit 0
 
 
 %changelog
+* Thu Jan 21 2016 Robbie Harwood <rharwood@redhat.com> - 1.14-17
+- Make krb5kdc.log not world-readable by default
+- Resolves: #1276484
+
 * Thu Jan 21 2016 Robbie Harwood <rharwood@redhat.com> - 1.14-16
 - Allow verification of attributes on krb5.conf
author	Robbie Harwood <rharwood@redhat.com>	2016-01-21 18:17:17 +0000
committer	Robbie Harwood <rharwood@redhat.com>	2016-01-21 19:05:45 +0000
commit	93772ec156e5f6902e991daee94e7b1895133ecc (patch)
tree	8f4b80fd000845b87586caad3e40567cb7d129e9
parent	892fe9b7b5d6cb1cfe60b7996015ac2d5572ca55 (diff)
download	krb5-93772ec156e5f6902e991daee94e7b1895133ecc.tar.gz krb5-93772ec156e5f6902e991daee94e7b1895133ecc.tar.xz krb5-93772ec156e5f6902e991daee94e7b1895133ecc.zip