Re: [sympa-users] Re: Getting lots of "mod_fcgid: stderr: Insecure dependency in" errors

  • From: David Verdin <address@concealed>
  • To: address@concealed
  • Subject: Re: [sympa-users] Re: Getting lots of "mod_fcgid: stderr: Insecure dependency in" errors
  • Date: Fri, 26 Aug 2011 11:58:52 +0200

Better with the patch actually attached...

On 26/08/11 11:54, David Verdin wrote:
Hi,

I think the activation of the taint mode could be related to your particular perl version or configuration.
However, as you use a recent OS, we could expect this behaviour to spread around, so we'd better be ready for it.

Could you please apply the patch attached to this mail and let me know if this fixes the problem? I basically tried an operation which should untaint the file names. I did it because I suspect these variables were tainted only because they were passed as an argument to a function. They don't really come from outside of the program but from another part of this program, and their value was originally computed by the program, not user-provided.

Anyway, we need these subs, so we'd better find a way to make them work.

Regards,

David

On 23/08/11 23:30, Olaf Menkens wrote:
Hello Omen,

I had the same problem here with my sympa 6.1.6 installation, which I'm currently trying to set up (cross-upgrading from an old sympa 5.1.2 to a new, currently testing, machine).
Google taught me that "man perlsec" describes the reason for the "Insecure dependency" error messages. So I learned that the functions reported in the log file work with "tainted" parameters.

I analyzed the problem a little further and realized that many error messages fill the log file when I open the web interface (lists view) for the first time after restarting the web server. Debug logging showed that the initial "do_lists" command calls List::get_lists() and this function reads information about all existing mailing lists. For each list, the function Lock::_lock_file() is called 4 times, and the function List::_save_stats_file() is called once. The problem is that the parameter "$dir" is considered to be tainted.

I found a bug fix (in List::new()):

/home/sympa/bin # diff List.pm.orig List.pm
1545c1545
<     unless ($name and ($name =~ /^$listname_regexp$/io) ) {
---
    unless ($name and ($name =~ /^($listname_regexp)$/io) ) {
1548a1549,1550
    ## Untaint and lowercase the list name.
    $name = $1;
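Review bot: this is the right mechanism, and the `$name = $1;` assignment is safe where it is placed: the new capture group wraps the whole anchored pattern, so `$1` holds the complete validated name, and the `unless` body only runs when the match failed (and then returns), so nothing can clobber `$1` between the match and the assignment. Note that the added lines after `---` and `1548a1549,1550` appear here without the `>` prefix that classic diff output carries, so this cannot be fed to patch(1) as shown; apply the three lines by hand. Since line 1548 is the existing `## Lowercase the list name.` comment, the inserted `## Untaint and lowercase the list name.` comment should replace it rather than sit beside it.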

I hope, that some sympa developer will add this (or something better) to the next sympa release...

Omen, please tell me whether it helps for you as well!

Olaf Menkens.

P.S.: I found another "Insecure dependency" error: in tools.pm, line 2750 & 2746 (unlink() and rmdir()). This occurs when I purge old list archives. Currently I do not have a fix for that problem, but it's interesting that the directories are deleted nevertheless, so the error message is obviously only handled like a warning, which is in my opinion helpful but quite insecure ;-)

On 13.08.2011 01:16, Omen Wild wrote:
[ I emailed about this back in April.  The problem seemed to go away
for a while, but it is back now. ]

Back in April we migrated an instance of Sympa 6.0.1 running on Solaris
to 6.1.4 running on RHEL 6.  We are seeing a large number of `mod_fcgid:
stderr: Insecure dependency' errors in the Apache error log.  The
errors do not happen all the time, but seem to go in bursts.

For example, since midnight last night (16 hours ago) there have been
almost 900,000 errors logged.

   Count   File
  201196   /usr/share/sympa/lib/List.pm line 9709.
  604787   /usr/share/sympa/lib/Lock.pm line 253.

Line 9709 is "open(L, ">  $file") || return undef;" in
"sub _save_stats_file {".

Line 253 is "unless (open $fh, $open_mode.$lock_file) {" in
"sub _lock_file {".

We are running sympa-6.1.4-1.20110407.RHEL6.src.rpm from
'http://sympa-ja.org/download/RHEL6.testing/SRPMS/?C=M;O=D'.  There are
some custom patches, but nothing in the Lock.pm module or around that
line of List.pm.

I have attached the Apache config file if it helps.

Does anyone have any thoughts about how to fix this?

Thanks,
    Omen

--
David Verdin
Comité réseau des universités

Due to the limitations of the human brain, I fail to remember all the mails.
So if you want your bug reports or feature requests for Sympa to be processed, please post them to the Sympa tracker

Index: src/lib/Lock.pm
===================================================================
--- src/lib/Lock.pm (révision 7197)
+++ src/lib/Lock.pm (copie de travail)
@@ -250,7 +250,8 @@

## Read access to prevent "Bad file number" error on Solaris
my $fh;
- unless (open $fh, $open_mode.$lock_file) {
+ my $untainted_lock_mode = sprintf("%s.%s",$open_mode,$lock_file)
+ unless (open $fh, $untainted_lock_mode) {
&do_log('err', 'Cannot open %s: %s', $lock_file, $!);
return undef;
}
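Review bot: the added line `+ my $untainted_lock_mode = sprintf("%s.%s",$open_mode,$lock_file)` has no terminating semicolon, so Lock.pm will not compile as patched. It also changes behaviour: the `%s.%s` format inserts a literal dot, so the open target becomes the mode, a dot, then the path, whereas the removed `$open_mode.$lock_file` was plain concatenation. Most importantly, sprintf does not clear the taint flag; taint propagates through formatting and concatenation, so `open $fh, $untainted_lock_mode` will raise the same "Insecure dependency" error and the variable name is misleading. Use the approach from the List::new() hunk instead: match `$lock_file` against an anchored pattern with a capture group, assign `$1`, and take the existing `return undef` path when it does not match. While touching this line, a three-argument `open($fh, $open_mode, $lock_file)` avoids the mode/path string splicing altogether.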
Index: src/lib/List.pm
===================================================================
--- src/lib/List.pm (révision 7197)
+++ src/lib/List.pm (copie de travail)
@@ -1542,11 +1542,12 @@

## Only process the list if the name is valid.
my $listname_regexp = &tools::get_regexp('listname');
- unless ($name and ($name =~ /^$listname_regexp$/io) ) {
+ unless ($name and ($name =~ /^($listname_regexp)$/io) ) {
&do_log('err', 'Incorrect listname "%s"', $name) unless
($options->{'just_try'});
return undef;
}
## Lowercase the list name.
+ $name = $1;
$name =~ tr/A-Z/a-z/;

## Reject listnames with reserved list suffixes
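Review bot: this hunk is correct. Assigning `$1` from the anchored match `^($listname_regexp)$` is the documented way (perlsec) to untaint a value, and it is valid here because the `unless` body only executes when the match fails and returns undef, so `$1` is intact when `$name = $1;` runs. One wording point: `$name = $1;` is inserted under the existing `## Lowercase the list name.` comment; reword that comment to cover both operations (e.g. `## Untaint and lowercase the list name.`) so the untainting is not mistaken for a stray assignment. The `/i` match may capture uppercase characters, which the following `tr/A-Z/a-z/` still normalises.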
@@ -9699,8 +9700,8 @@
}

do_log('debug2', 'List::_save_stats_file(%s, %d, %d, %d)', $file,
$total,$last_sync,$last_sync_admin_user );
-
- open(L, "> $file") || return undef;
+ my $untainted_filename = sprintf ("%s",$file);
+ open(L, "> $untainted_filename") || return undef;
printf L "%d %.0f %.0f %.0f %d %d %d\n", @{$stats}, $total, $last_sync,
$last_sync_admin_user;
close(L);
}
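Review bot: `my $untainted_filename = sprintf ("%s",$file);` does not untaint anything; a sprintf copy of a tainted value is itself tainted, so `open(L, "> $untainted_filename")` fails exactly as the old `open(L, "> $file")` did, and the variable name promises what the code does not deliver. Untaint with a regexp capture as the List::new() hunk does: match `$file` against an anchored pattern describing the characters a stats-file path may contain, assign `$1`, and `return undef` (with a do_log 'err') when it does not match, rather than writing to an unvalidated path. Dropping the stray blank `-` line is fine.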

Attachment: smime.p7s
Description: S/MIME cryptographic signature
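The difference between the two approaches in this thread, as an added example that is not Sympa's code and not from any poster: a stand-alone Perl script run under `perl -T` that takes a list name from the command line (tainted, like any value that enters the program from outside), shows that a sprintf copy keeps the taint flag while a regexp capture clears it, and then attempts the same kind of write-mode open() that List::_save_stats_file() performs with each value. The `$listname_regexp` pattern is an assumption for the demo, not what `tools::get_regexp('listname')` returns, and the file names are constructed.

```perl
#!/usr/bin/perl -T
# Added example, not Sympa code: which operations clear Perl's taint flag.
# Run with taint checks enabled:   perl -T taint_demo.pl my-list
use strict;
use warnings;
use Scalar::Util qw(tainted);
use File::Temp qw(tempdir);

# Assumed pattern for the demo; Sympa's real one comes from tools::get_regexp('listname').
my $listname_regexp = '[a-z0-9][a-z0-9\-\._]*';

# Under -T every value from @ARGV, %ENV, STDIN or a file read is tainted.
my $name = shift @ARGV or die "usage: perl -T $0 <listname>\n";
printf "argument tainted?        %s\n", tainted($name) ? 'yes' : 'no';

# 1. sprintf (like concatenation) copies the data and its taint flag.
#    This is what the Lock.pm and _save_stats_file hunks rely on, and it changes nothing.
my $copy = sprintf("%s", $name);
printf "sprintf copy tainted?    %s\n", tainted($copy) ? 'yes' : 'no';

# 2. A successful match with a capture group is the mechanism perlsec documents:
#    $1 is untainted, so assigning it back yields a clean value. This is what the
#    List::new() hunk does. Anything that does not match the allowed shape is rejected.
my $clean;
if ($name =~ /^($listname_regexp)$/i) {
    $clean = $1;
    $clean =~ tr/A-Z/a-z/;    # normalise case, as List::new() does afterwards
}
else {
    die "rejected listname '$name': does not match the allowed pattern\n";
}
printf "regexp capture tainted?  %s\n", tainted($clean) ? 'yes' : 'no';

# Scratch directory, removed when the script exits.
my $dir = tempdir(CLEANUP => 1);

# 3. Writing through a tainted path is a taint violation: open() dies with
#    "Insecure dependency in open while running with -T switch".
my $ok_tainted = eval {
    open(my $fh, '>', "$dir/$copy.stats") or die "open: $!";
    close $fh;
    1;
};
if ($ok_tainted) {
    print "open() with tainted name: ok (taint checks are not active)\n";
}
else {
    chomp(my $err = $@);
    print "open() with tainted name: refused -> $err\n";
}

# 4. The laundered name passes, so the stats-style write succeeds.
open(my $fh, '>', "$dir/$clean.stats") or die "cannot open stats file: $!";
print $fh "0 0 0 0 0 0 0\n";
close $fh;
print "open() with untainted name: ok\n";
```

Run it as `perl -T taint_demo.pl my-list`: the tainted open is refused and the regexp-laundered one succeeds. Running without `-T` makes perl stop at the shebang's `-T` with "Too late for -T option", which is deliberate; the point of the script is that only the regexp path survives taint checks, so the fix for the Lock.pm and _save_stats_file() hunks has to look like the List::new() one.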