Bug 256472

Summary: sysutils/zrepl: /var/run/zrepl should not be world-readable
Product: Ports & Packages
Component: Individual Port(s)
Status: Closed FIXED
Severity: Affects Many People
Priority: ---
Version: Latest
Hardware: Any
OS: Any
Reporter: Raúl <raul.munoz>
Assignee: Lewis Cook <lcook>
CC: asomers, raul.munoz
Keywords: needs-patch, needs-qa, security
Flags: lcook: maintainer-feedback+, lcook: merge-quarterly+
See Also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255981
Attachments (Description, Flags):
/var/run/zrepl.pid, none
/var/run/zrepl.pid, none

Description Raúl 2021-06-07 20:04:32 UTC
From: https://zrepl.github.io/configuration/misc.html#runtime-directories-unix-sockets

[....]
The zrepl daemon needs to open various UNIX sockets in a runtime directory:

    a control socket that the CLI commands use to interact with the daemon
    the ssh+stdinserver Transport listener opens one socket per configured client, named after client_identity parameter

There is no authentication on these sockets except the UNIX permissions. The zrepl daemon will refuse to bind any of the above sockets in a directory that is world-accessible.
[....]

by default, this control socket is created at /var/run/zrepl
0750 would work, but not 0755
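
The rule quoted above, as an added Go sketch (not zrepl's or the port's own code): a daemon refuses to bind a UNIX socket when its runtime directory has any permission bit set for "other", which is why 0750 passes and 0755 does not. Treating "world-accessible" as "any of the low three mode bits set" is an assumption, as are the function names and the scratch directory.

```go
package main

import (
	"fmt"
	"net"
	"os"
	"path/filepath"
)

// checkRuntimeDir rejects a directory that "other" users can read, write
// or traverse, i.e. any of the low three permission bits is set.
func checkRuntimeDir(dir string) error {
	fi, err := os.Stat(dir)
	if err != nil {
		return err
	}
	if perm := fi.Mode().Perm(); !fi.IsDir() || perm&0o007 != 0 {
		return fmt.Errorf("%s (mode %04o) is not a private directory", dir, perm)
	}
	return nil
}

// listenPrivate binds a UNIX socket only after the directory check passes.
func listenPrivate(dir, name string) (net.Listener, error) {
	if err := checkRuntimeDir(dir); err != nil {
		return nil, fmt.Errorf("refusing to bind: %w", err)
	}
	return net.Listen("unix", filepath.Join(dir, name))
}

// modeAccepted applies mode to a scratch directory (constructed test input)
// and reports whether checkRuntimeDir accepts it.
func modeAccepted(mode os.FileMode) (bool, error) {
	dir, err := os.MkdirTemp("", "rundir")
	if err != nil {
		return false, err
	}
	defer os.RemoveAll(dir)
	if err := os.Chmod(dir, mode); err != nil { // chmod ignores the umask
		return false, err
	}
	return checkRuntimeDir(dir) == nil, nil
}

func main() {
	for _, m := range []os.FileMode{0o700, 0o750, 0o755} {
		ok, err := modeAccepted(m)
		fmt.Printf("%04o accepted=%v err=%v\n", m, ok, err)
	}
}
```

Because the sockets carry no authentication of their own, the directory mode is the only access control, so the check belongs before every bind rather than once at install time.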
Comment 1 Alan Somers freebsd_committer freebsd_triage 2021-06-07 20:31:12 UTC
Thanks for that tip, Raul.  Would it be ok to make the /var/run/zrepl directory 700 again, but move the pidfile to /var/run/zrepl.pid?  That would solve the original problem in bug 255981.
Comment 2 Raúl 2021-06-08 04:29:55 UTC
Created attachment 225628
/var/run/zrepl.pid
Comment 3 Raúl 2021-06-08 04:32:53 UTC
(In reply to Alan Somers from comment #1)
Yes, that works here.
Comment 4 Raúl 2021-06-08 04:47:11 UTC
Created attachment 225630
/var/run/zrepl.pid

a bit sleepy here, don't forget /var/run/zrepl permissions
Comment 5 Lewis Cook freebsd_committer freebsd_triage 2021-06-08 15:04:33 UTC
Thank you for the report, apologies for the oversight in what appeared to be a trivial change.  I'll get round to committing this and will MFH it into 2021Q2 as well.
Comment 6 commit-hook freebsd_committer freebsd_triage 2021-06-08 15:19:04 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=621d9c9f594a0f7d049cb44dab25efed81c35c91

commit 621d9c9f594a0f7d049cb44dab25efed81c35c91
Author:     Lewis Cook <lcook@FreeBSD.org>
AuthorDate: 2021-06-08 15:09:48 +0000
Commit:     Lewis Cook <lcook@FreeBSD.org>
CommitDate: 2021-06-08 15:17:27 +0000

    sysutils/zrepl: /var/run/zrepl should not be world-readable

    This partially reverts commit 2a866a1, and instead installs
    the pidfile to /var/run/zrepl.pid fixing the problem seen in
    PR 255981.

    As taken from the zrepl documentation[1]:

    [....]
    The zrepl daemon needs to open various UNIX sockets in a runtime directory:

    a control socket that the CLI commands use to interact with the daemon
    the ssh+stdinserver Transport listener opens one socket per configured
    client, named after client_identity parameter

    There is no authentication on these sockets except the UNIX permissions.
    The zrepl daemon will refuse to bind any of the above sockets in a
    directory that is world-accessible.
    [....]

    [1]     https://zrepl.github.io/configuration/misc.html#runtime-directories-unix-sockets

    PR:             256472
    Reported by:    Raúl <raul.munoz@custos.es>

 sysutils/zrepl/Makefile       | 2 +-
 sysutils/zrepl/files/zrepl.in | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
Comment 7 commit-hook freebsd_committer freebsd_triage 2021-06-08 15:21:06 UTC
A commit in branch 2021Q2 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=3d3959434d9744fa26de7a15119e2e98578f3503

commit 3d3959434d9744fa26de7a15119e2e98578f3503
Author:     Lewis Cook <lcook@FreeBSD.org>
AuthorDate: 2021-06-08 15:09:48 +0000
Commit:     Lewis Cook <lcook@FreeBSD.org>
CommitDate: 2021-06-08 15:19:20 +0000

    sysutils/zrepl: /var/run/zrepl should not be world-readable

    This partially reverts commit 2a866a1, and instead installs
    the pidfile to /var/run/zrepl.pid fixing the problem seen in
    PR 255981.

    As taken from the zrepl documentation[1]:

    [....]
    The zrepl daemon needs to open various UNIX sockets in a runtime directory:

    a control socket that the CLI commands use to interact with the daemon
    the ssh+stdinserver Transport listener opens one socket per configured
    client, named after client_identity parameter

    There is no authentication on these sockets except the UNIX permissions.
    The zrepl daemon will refuse to bind any of the above sockets in a
    directory that is world-accessible.
    [....]

    [1]     https://zrepl.github.io/configuration/misc.html#runtime-directories-unix-sockets

    PR:             256472
    Reported by:    Raúl <raul.munoz@custos.es>

    (cherry picked from commit 621d9c9f594a0f7d049cb44dab25efed81c35c91)

 sysutils/zrepl/Makefile       | 2 +-
 sysutils/zrepl/files/zrepl.in | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
Comment 8 Lewis Cook freebsd_committer freebsd_triage 2021-06-08 15:22:44 UTC
Committed, if there are any further issues regarding this please re-open the bug.  Otherwise, thank you both!