Bug 202664

Summary: mergemaster as unprivileged user dumps master.passwd into /var/tmp/temproot
Product: Base System
Reporter: John D Jones III <jnbek1972>
Component: bin
Assignee: freebsd-bugs (Nobody) <bugs>
Status: New ---
Severity: Affects Many People
CC: freebsd, mmokhi, wjw
Priority: ---
Version: 10.2-STABLE
Hardware: Any
OS: Any

Description | Flags
warn user when not running as root | none

Description John D Jones III 2015-08-26 01:44:12 UTC
I accidentally ran mergemaster -pv as a normal user instead of root and this is the output:

([J:0]jnbek@rtr10[~]% mergemaster -pv                                                                                                                         [08/25/15][19:39:56])

 *** You have /usr/bin/less defined as your pager so we will use that

*** The directory specified for the temporary root environment,
    /var/tmp/temproot, exists.  This can be a security risk if untrusted
    users have access to the system.

  Use 'd' to delete the old /var/tmp/temproot and continue
  Use 't' to select a new temporary root directory
  Use 'e' to exit mergemaster

  Default is to use /var/tmp/temproot as is

How should I deal with this? [Use the existing /var/tmp/temproot] d

   *** Deleting the old /var/tmp/temproot

*** Creating the temporary root environment in /var/tmp/temproot
 *** /var/tmp/temproot ready for use
 *** Creating and populating directory structure in /var/tmp/temproot

 *** Press the [Enter] or [Return] key to continue
install: /var/tmp/temproot/etc/group: chown/chgrp: Operation not permitted

  *** FATAL ERROR: Cannot copy files to the temproot environment

([J:0]jnbek@rtr10[~]% ls -R /var/tmp/temproot                                                                                                                 [08/25/15][19:41:40])


This seems to be a bad thing. It's a stock master.passwd file, but I would think that mergemaster should fail before ever messing with this file in the first place unless the user is root. If an unprivileged user gets compromised on a system, this could be used for evil, although I'm not sure exactly how.
Comment 1 Anonymous 2015-08-26 04:10:53 UTC
I think it uses /usr/src/etc/* as base and then it diffs all that to the system etc, not the actual one installed in /etc/ so I don't think there's any threat.

If you have a look at /usr/src/etc/ you will see a generic master.passwd, which should be the same one you're looking at. A normal user has no access to /etc/master.passwd

-rw-------  1 root  wheel  2612 Aug 24 03:06 /etc/master.passwd

-rw-r--r--  1 root  wheel  1640 Aug 18 12:26 /usr/src/etc/master.passwd
Comment 2 Mahdi Mokhtari freebsd_committer freebsd_triage 2015-08-26 08:52:56 UTC
This bug also affects me on 10.1-Release and 10.1-stable.
Comment 3 Mahdi Mokhtari freebsd_committer freebsd_triage 2015-08-26 09:13:36 UTC
I think we [as writers of this bash script] should first of all check user privileges, then run the main loop. [just a simple guess]
Comment 4 Willem Jan Withagen 2015-08-26 10:24:37 UTC
Created attachment 160369
warn user when not running as root
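
The privilege check suggested in Comment 3, combined with the temproot warning that mergemaster prints in the description, as an added sh example. It is not mergemaster's code and not the patch in attachment 160369; `preflight` and its return codes are hypothetical, and the uid is passed as an argument (a real script would pass `$(id -u)`) so the logic can be exercised without root.

```shell
#!/bin/sh
# Added illustration; not mergemaster code and not attachment 160369.
# preflight UID TEMPROOT   (hypothetical helper)
#   returns 0  safe to proceed
#           1  caller is not root; nothing has been created or copied yet
#           2  TEMPROOT already exists and is unsafe to reuse
preflight() {
    uid=$1
    temproot=$2

    # Refuse before any directory is created or any file is installed.
    if [ "$uid" -ne 0 ]; then
        echo "*** mergemaster must be run as root (uid is $uid)" >&2
        return 1
    fi

    # Nothing at that path yet: the caller creates it with its own umask.
    if [ ! -e "$temproot" ] && [ ! -L "$temproot" ]; then
        return 0
    fi

    # A pre-existing path may have been planted by another local user.
    if [ -L "$temproot" ] || [ ! -d "$temproot" ]; then
        echo "*** $temproot is a symlink or not a directory" >&2
        return 2
    fi
    # -O: owned by the effective uid of this process (root in real use).
    if [ ! -O "$temproot" ]; then
        echo "*** $temproot is owned by another user" >&2
        return 2
    fi
    # -prune keeps find on the directory itself; any output means it is
    # group- or world-writable.
    if [ -n "$(find "$temproot" -prune \( -perm -0020 -o -perm -0002 \) -print)" ]; then
        echo "*** $temproot is group- or world-writable" >&2
        return 2
    fi
    return 0
}

# Intended call site, before the temproot is populated:
#   preflight "$(id -u)" /var/tmp/temproot || exit 1
```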