Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 154128 - Insecure world-readable log file creation in /tmp when debug=1
Summary: Insecure world-readable log file creation in /tmp when debug=1
Keywords:
Status: CLOSED DUPLICATE of bug 154126
Alias: None
Product: Fedora
Classification: Fedora
Component: unixODBC
Version: 3
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Tom Lane
QA Contact: David Lawrence
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-04-07 17:22 UTC by Robin Green
Modified: 2013-07-03 03:05 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-04-07 17:23:33 UTC


Attachments (Terms of Use)

Description Robin Green 2005-04-07 17:22:27 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050328 Firefox/1.0.2 Fedora/1.0.2-3

Description of problem:
unixODBC, at least with the postgresql driver (I haven't tried other drivers), creates insecure log files in /tmp when the debug=1 option is set in odbc.ini.

Problems:
1. They contain passwords
2. They are world-readable(!)
3. Their filenames are predictable (mkstemp not used, apparently).

Version-Release number of selected component (if applicable):
unixODBC-2.2.9-1

How reproducible:
Always

Steps to Reproduce:
1. Install a program that uses ODBC.
2. Put debug=1 in /etc/odbc.ini
3. Restart the program that uses ODBC (in my case, "service ldap restart").

Actual Results:  A log file appears in /tmp, like this:

-rw-r--r--  1 ldap    ldap    197307 Apr  7 17:46 mylog_ldap14229.log

It contains the database password in the first few lines. 14229 is the pid of one of the ldap server processes (slapd), and this is not just a coincidence - log filenames are always generated from the pid.

Expected Results:  Either it should refuse to create a log file unless an explicit filename is given, or else I think it should use mkstemp (but still keep the pid in the filename for identification purposes) and set the permissions to -rw-------.

Additional info:

Not sure if this bug is in unixODBC or postgresql.

postgresql-7.4.7-3.FC3.1

Comment 1 Robin Green 2005-04-07 17:23:33 UTC

*** This bug has been marked as a duplicate of 154126 ***


Note You need to log in before you can comment on or make changes to this bug.