|
eciadsl-usermode-0.12-alt2.qa1.x86_64 |
unsafe-tmp-usage-in-scripts |
fail |
The test found scripts with errors that a local user could exploit to damage important system files. For example, if a script works with a temporary file created under a fixed name in the /tmp directory, any user can create a symlink with the same name (or matching pattern) in that directory beforehand, so that the script destroys or overwrites a system file or another user's file when it writes to that path. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is accessible only by that user and then sets TMPDIR and related variables to point to it. Hence, creating a non-random filename there matters much less, because nobody but you can access it. Found error in /usr/bin/eciadsl-testconnection: $ grep -A5 -B5 /tmp/ /usr/bin/eciadsl-testconnection if [ $status -eq 1 ] ; then exit 0 fi # already reconnecting? ps aux > /tmp/eci-test grep startmodem /tmp/eci-test status=$? if [ $status -eq 1 ] ; then grep "eciadsl-start" /tmp/eci-test status=$? if [ $status -eq 0 ] ; then rm -f /tmp/eci-test exit 0 else rm -f /tmp/eci-test fi else rm -f /tmp/eci-test exit 0 fi rm -f /tmp/eci-test # synching? num=`ps aux|grep eciadsl-synch| wc -l` if [ $num -eq 3 ] ; then exit 0 # we are synching! 
Found error in /usr/bin/eciadsl-doctor: $ grep -A5 -B5 /tmp/ /usr/bin/eciadsl-doctor # note the size in lines of /var/log/messages line=`wc -l /var/log/messages | awk '{print $1}'` function fatal () { tail -n +$line /var/log/messages > /tmp/msg.log # check for "usb-uhci.c: ENXIO 80000380, flags 0, urb c7f401c0, burb c6469140" grep 'usb-uhci.c: ENXIO' /tmp/msg.log # check for "usb-uhci.c: interrupt, status 29, frame# 956" grep 'usb-uhci.c: interrupt' /tmp/msg.log # check for "usb_control/bulk_msg: timeout" grep 'usb_control/bulk_msg' /tmp/msg.log # check for "usb-uhci.c: Host controller halted, trying to restart" grep 'usb-uhci.c: Host controller halted' /tmp/msg.log # check for "usb-uhci.c: process_transfer: fixed toggle" grep 'usb-uhci.c: process_transfer' /tmp/msg.log # check for "usb-uhci.c: iso_find_start: gap in seamless isochronous scheduling" grep 'usb-uhci.c: iso_find_start' /tmp/msg.log rm /tmp/msg.log exit -1; } # use only DEVICES throughout the rest of this script if [ ! -f "${DEVICES}" ] && [ -f "${DEVICES_SUSE}" ]; then -- echo "options from $PPPD_DIR/peers/adsl. We suggest to remove this file or make a"; echo "backup copy." ; grep "^nodetach" $PPPD_DIR/options > /dev/null if [ $? -eq 0 ]; then echo "Removing 'nodetach' option from $PPPD_DIR/options..." ; grep -v "^nodetach" $PPPD_DIR/options > /tmp/options mv /tmp/options $PPPD_DIR/options fi fi # check for an existing PPP connection (select the first one if several) PPP=`ifconfig | grep "^ppp" | head -n 1 | awk '{print $1}'` if [ "$PPP" = "" ]; then echo "No existing PPP connection... trying to make one (please wait)" ; nice --20 pppd call adsl updetach | tee /tmp/ppp.log # check if we succeed in making a new PPP connection PPP=`ifconfig | grep "^ppp" | head -n 1 | awk '{print $1}'` if [ "$PPP" = "" ]; then # check for usermode driver crash grep "Modem hangup" /tmp/ppp.log > /dev/null if [ $? -eq 0 ]; then echo "PPP: very bad ... 
usermode driver just crashed" ; rm /tmp/ppp.log fatal; fi # check for no response from PPP grep 'LCP: timeout sending Config-Requests' /tmp/ppp.log > /dev/null if [ $? -eq 0 ]; then echo "PPP connection failed: check your vci & vpi parameters in $PPPD_DIR/peers/adsl and check for USB errors in /var/log/messages" ; rm /tmp/ppp.log fatal; fi # check for invalid password grep 'CHAP authentication failed' /tmp/ppp.log > /dev/null if [ $? -eq 0 ]; then echo "CHAP authentication failed: check your user in $PPPD_DIR/peers/adsl and the matching password in $PPPD_DIR/chap-secrets" ; rm /tmp/ppp.log fatal; fi # check for "sent [LCP ConfRej id=0xa5 ]" grep 'sent \[LCP ConfRej' /tmp/ppp.log | grep '' > /dev/null if [ $? -eq 0 ]; then echo "Password for user $user is missing in $PPPD_DIR/chap-secrets"; rm /tmp/ppp.log fatal; fi echo "Cannot make a PPP connection: Fatal" ; rm /tmp/ppp.log fatal; else rm /tmp/ppp.log echo "PPP connection is OK" ; fi else echo "PPP connection is OK" ; fi |