[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: If $HISTFILE is set to /dev/null and you execute more commands than
From: |
Chet Ramey |
Subject: |
Re: If $HISTFILE is set to /dev/null and you execute more commands than $HISTFILESIZE, /dev/null is deleted. |
Date: |
Sat, 31 Jan 2015 17:40:04 -0500 |
User-agent: |
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 |
On 1/30/15 3:50 PM, Jonathan Hankins wrote:
> I agree about being able to use named pipes, etc. as HISTFILE. My concern
> is that I think there may be a code path that leads to rename() and
> open(O_TRUNC...) being called on something that isn't a regular file.
OK, say the history file is not a regular file. What negative scenarios
are possible if the history library opens that file with O_TRUNC?
> Furthermore, I think that if someone can manipulate a user's HISTFILE
> setting maliciously, there may be a code path to cause an unwitting
> overwrite of a file whose name ends in hyphen.
If someone can manipulate a user's $HISTFILE setting, they can overwrite
any file the user has permission to write. It's always been thus.
>
> Specifically, if lib/readline/histfile.c:{append,write}_history() get
> called, in turn history_do_write() is called, which results in an open with
> append or a trunc, and when overwrite is set, a rename to HISTFILE + "-".
> It doesn't look like the return value from rename(output, bakname) is
> tested, and if the open() on HISTFILE fails, it does a rename(bakname,
> output) to "restore" the backup, also not checking the return value from
> rename().
I wrote in the message you quoted that I agreed with you that the history
code shouldn't try to back up non-regular files:
> I don't think that readline should be attempting to do backups of non-
> regular files, though. The history file truncation code, which is called
> when HISTFILESIZE is changed, already rejects attempts to use non-regular
> files.
And I agree that the history code should check the value of the first
rename(2) and set the backup file name to NULL if it fails. That will
prevent any attempts to use it to restore a previously-backed-up file.
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU chet@case.edu http://cnswww.cns.cwru.edu/~chet/
- If $HISTFILE is set to /dev/null and you execute more commands than $HISTFILESIZE, /dev/null is deleted., crocket, 2015/01/30
- If $HISTFILE is set to /dev/null and you execute more commands than $HISTFILESIZE, /dev/null is deleted., crocket, 2015/01/30
- Re: If $HISTFILE is set to /dev/null and you execute more commands than $HISTFILESIZE, /dev/null is deleted., Chet Ramey, 2015/01/30
- Re: If $HISTFILE is set to /dev/null and you execute more commands than $HISTFILESIZE, /dev/null is deleted., Greg Wooledge, 2015/01/30
- Re: If $HISTFILE is set to /dev/null and you execute more commands than $HISTFILESIZE, /dev/null is deleted., Jonathan Hankins, 2015/01/30
- Re: If $HISTFILE is set to /dev/null and you execute more commands than $HISTFILESIZE, /dev/null is deleted., Chet Ramey, 2015/01/30
- Re: If $HISTFILE is set to /dev/null and you execute more commands than $HISTFILESIZE, /dev/null is deleted., Jonathan Hankins, 2015/01/30
- Re: If $HISTFILE is set to /dev/null and you execute more commands than $HISTFILESIZE, /dev/null is deleted., Andreas Schwab, 2015/01/30
- Re: If $HISTFILE is set to /dev/null and you execute more commands than $HISTFILESIZE, /dev/null is deleted., Jonathan Hankins, 2015/01/30
- Re: If $HISTFILE is set to /dev/null and you execute more commands than $HISTFILESIZE, /dev/null is deleted., Chet Ramey, 2015/01/31
- Re: If $HISTFILE is set to /dev/null and you execute more commands than $HISTFILESIZE, /dev/null is deleted.,
Chet Ramey <=