[ntp:security] [Bug 2938] ntpq saveconfig command allows dangerous characters in filenames

bugzilla-daemon at ntp.org
Tue Oct 13 21:00:34 UTC 2015


http://bugs.ntp.org/show_bug.cgi?id=2938

--- Comment #6 from Juergen Perlinger <perlinger at ntp.org> 2015-10-13 21:00:34 UTC ---
(In reply to comment #5)
> 
> That would only work with Unix. VMS has a totally different permission
> structure and Windows is actually closer to that. I don't remember if O_EXCL
> can be used in either of them via some sort of function call.
> 
Windows (well, MSVCRT) calls it '_open()' (that gets remapped via #define) and
supports '_O_CREAT|_O_EXCL' with the same meaning as POSIX. Note the additional
underscores *sigh*

If this code compiles at all under VMS, they have at least something that looks
suspiciously close to 'open()'. Since the O_xxx constants are all defines,
checking with the preprocessor should not be much of a problem.

(In reply to comment #4)

I did not allow a leading period intentionally as this creates 'hidden' files.
(Also the check is not really done by regular expression matching. The regex I
gave is just the equivalent.)

In this case I prefer to err on the side of safety, even when being more
restrictive than strictly necessary.

Pearly
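
The two points discussed in this comment, shown together as an added example that is not part of the original message and is not ntpd's code: the exclusive-create flags are selected with the preprocessor, and the file name is checked character by character rather than with a regex. The exact allowed character set and the names `name_is_safe`, `create_new_file`, `XOPEN`, `XFLAGS` and `XMODE` are assumptions made for illustration; the thread itself only states that a leading period is refused.

```c
/* Added illustration; not ntpd's code. The allowed character set is an assumption. */
#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <sys/stat.h>

#if defined(_WIN32)                       /* MSVCRT: underscore-prefixed names */
# include <io.h>
# define XOPEN  _open
# define XFLAGS (_O_CREAT | _O_EXCL | _O_WRONLY)
# define XMODE  (_S_IREAD | _S_IWRITE)
#elif defined(O_CREAT) && defined(O_EXCL) /* POSIX-style open() */
# include <unistd.h>
# define XOPEN  open
# define XFLAGS (O_CREAT | O_EXCL | O_WRONLY)
# define XMODE  0600
#else
# error "no exclusive-create open() flags on this platform"
#endif

/* 1 if name is acceptable, else 0. The first character must be alphanumeric,
 * so a leading period (hidden file), '-' or path separator is refused. */
int name_is_safe(const char *name)
{
    size_t i;

    if (name == NULL || !isalnum((unsigned char)name[0]))
        return 0;
    for (i = 1; name[i] != '\0'; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!isalnum(c) && c != '.' && c != '_' && c != '-')
            return 0;
    }
    return 1;
}

/* Returns a write-only descriptor for a file that did not exist before,
 * or -1 with errno set: EINVAL for a refused name, EEXIST if the name is
 * already taken (on POSIX the exclusive flag also refuses a symlink). */
int create_new_file(const char *name)
{
    if (!name_is_safe(name)) {
        errno = EINVAL;
        return -1;
    }
    return XOPEN(name, XFLAGS, XMODE);
}
```
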
