>From 3774432cdb8e6a2cf6183d496ad7a2678883b592 Mon Sep 17 00:00:00 2001 From: Sebastian Pipping Date: Tue, 5 Feb 2013 14:05:29 +0100 Subject: [PATCH] Fix insecure logging location (CVE-FILL_ME) --- trunk/doc/xnbd-server.8.sgml | 2 +- trunk/doc/xnbd-wrapper.8.sgml | 2 +- trunk/xnbd_common.c | 11 +++++------ trunk/xnbd_common.h | 6 ++---- trunk/xnbd_server.c | 9 +++++---- trunk/xnbd_wrapper.c | 10 +++++++--- 6 files changed, 21 insertions(+), 19 deletions(-) diff --git a/trunk/doc/xnbd-server.8.sgml b/trunk/doc/xnbd-server.8.sgml index 6033a17..63c65fe 100644 --- a/trunk/doc/xnbd-server.8.sgml +++ b/trunk/doc/xnbd-server.8.sgml @@ -172,7 +172,7 @@ manpage.1: manpage.sgml - Log informational messages to the given FILE if given. Defaults to /tmp/xnbd.log + Log informational messages to the given FILE if given. Defaults to /var/log/xnbd-server.log diff --git a/trunk/doc/xnbd-wrapper.8.sgml b/trunk/doc/xnbd-wrapper.8.sgml index 1eae7a5..67d080d 100644 --- a/trunk/doc/xnbd-wrapper.8.sgml +++ b/trunk/doc/xnbd-wrapper.8.sgml @@ -126,7 +126,7 @@ manpage.1: manpage.sgml - Log informational messages to the given FILE if given. Defaults to /tmp/xnbd.log + Log informational messages to the given FILE if given. Defaults to /var/log/xnbd-wrapper.log diff --git a/trunk/xnbd_common.c b/trunk/xnbd_common.c index cb3cff0..186e646 100644 --- a/trunk/xnbd_common.c +++ b/trunk/xnbd_common.c @@ -197,9 +197,9 @@ unsigned long get_disk_nblocks(off_t disksize) return (unsigned long) nblocks64; } -void redirect_stderr(const char *logfile) +void redirect_stderr(const char *logfile, const char * default_logfile) { - int logfd = open(logfile ? logfile : DEFAULT_XNBDSERVER_LOGFILE, + int logfd = open(logfile ? logfile : default_logfile, O_WRONLY | O_CREAT | O_APPEND, S_IRUSR | S_IWUSR); if (logfd < 0) err("open %s, %m", logfile); @@ -211,7 +211,7 @@ void redirect_stderr(const char *logfile) close(logfd); } -void detach(const char *logpath) +void detach(const char *logpath, const char * default_logpath) { close(STDIN_FILENO); @@ -224,9 +224,8 @@ void detach(const char *logpath) close(devnull); if(!logpath) { - logpath = DEFAULT_XNBDSERVER_LOGFILE; - info("logfile %s", logpath); - redirect_stderr(logpath); + info("logfile %s", default_logpath); + redirect_stderr(NULL, default_logpath); } int ret = daemon(0, 1); diff --git a/trunk/xnbd_common.h b/trunk/xnbd_common.h index 28e0b32..440f1d7 100644 --- a/trunk/xnbd_common.h +++ b/trunk/xnbd_common.h @@ -1,9 +1,7 @@ #ifndef XNBD_COMMON_H #define XNBD_COMMON_H -#define DEFAULT_XNBDSERVER_LOGFILE "/tmp/xnbd.log" - -void redirect_stderr(const char *logfile); -void detach(const char *logpath); +void redirect_stderr(const char *logfile, const char * default_logfile); +void detach(const char *logpath, const char * default_logpath); #endif diff --git a/trunk/xnbd_server.c b/trunk/xnbd_server.c index d07502b..dae80d2 100644 --- a/trunk/xnbd_server.c +++ b/trunk/xnbd_server.c @@ -29,6 +29,7 @@ #include +#define XNBD_SERVER_LOGFILE_DEFAULT "/var/log/xnbd-server.log" @@ -750,7 +751,7 @@ Options: \n\ --lport listen port (default 8520)\n\ --daemonize run as a daemon process\n\ --readonly export a disk as readonly\n\ - --logpath logfile (default /tmp/xnbd.log)\n\ + --logpath logfile (default /var/log/xnbd-server.log)\n\ --inetd redirect stderr for running from inetd\n\ "; @@ -825,7 +826,7 @@ int main(int argc, char **argv) { } if (inetd) - redirect_stderr(logpath); + redirect_stderr(logpath, XNBD_SERVER_LOGFILE_DEFAULT); optind = 1; @@ -994,11 +995,11 @@ int main(int argc, char **argv) { if (!inetd && logpath) { info("logfile %s", logpath); - redirect_stderr(logpath); + redirect_stderr(logpath, XNBD_SERVER_LOGFILE_DEFAULT); } if (daemonize) - detach(logpath); + detach(logpath, XNBD_SERVER_LOGFILE_DEFAULT); master_server(lport, (void *) &xnbd, connected_fd); diff --git a/trunk/xnbd_wrapper.c b/trunk/xnbd_wrapper.c index d48eb00..fb3a977 100644 --- a/trunk/xnbd_wrapper.c +++ b/trunk/xnbd_wrapper.c @@ -27,6 +27,10 @@ #include #include + +#define XNBD_WRAPPER_LOGFILE_DEFAULT "/var/log/xnbd-wrapper.log" + + /* static const int MAX_DISKIMG_NUM = 32; */ #define MAX_DISKIMG_NUM 32 @@ -367,7 +371,7 @@ int main(int argc, char **argv) { " --xnbd-binary Path to xnbd-server.\n" " --imgfile Path to disk image file. This options can be used multiple times.\n" " You can also use xnbd-wrapper-ctl to (de)register disk images dynamically.\n" - " --logpath logfile (default /tmp/xnbd.log)\n" + " --logpath logfile (default /var/log/xnbd-wrapper.log)\n" " --laddr Listen address.\n" " --socket Unix socket path to listen on (default: /tmp/xnbd_wrapper.ctl).\n" "\n" @@ -405,12 +409,12 @@ int main(int argc, char **argv) { if (logpath) { info("logfile %s", logpath); - redirect_stderr(logpath); + redirect_stderr(logpath, XNBD_WRAPPER_LOGFILE_DEFAULT); } if (daemonize) - detach(logpath); + detach(logpath, XNBD_WRAPPER_LOGFILE_DEFAULT); list_diskimg(&dsklist, stdout); -- 1.7.10.4