Bug 223495 - net-p2p/bitcoin: fix typos in startup script
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Many People
Assignee: freebsd-ports-bugs mailing list
Reported: 2017-11-07 15:43 UTC by Vasil Dimov
Modified: 2017-11-08 08:23 UTC
robbak: maintainer-feedback+

fix (1.31 KB, patch)
2017-11-07 15:46 UTC, Vasil Dimov
vd: maintainer-approval? (robbak)

Description Vasil Dimov freebsd_committer 2017-11-07 15:43:00 UTC
The comment in the startup script of net-p2p/bitcoin mentions "bitcoind_data" and that its default value is "/var/lib/bitcoin". Both are wrong, fix them. In addition do not redirect output to a predefined file in /tmp/ as a malicious user could create a symlink with that name, pointing to some other file, which would be overwritten by the redirect.
Comment 1 Vasil Dimov freebsd_committer 2017-11-07 15:46:24 UTC
Created attachment 187824
Comment 2 robbak 2017-11-07 22:53:19 UTC
Comment on attachment 187824

OK, thanks, noted and approved. 

Is the issue with named files in /tmp that they get deleted, and so could be replaced by an unprivileged user, whereas files elsewhere, if the directory is not world-writable, could not be replaced with a symlink?
Comment 3 commit-hook freebsd_committer 2017-11-08 08:19:20 UTC
A commit references this bug:

Author: vd
Date: Wed Nov  8 08:18:27 UTC 2017
New revision: 453725
URL: https://svnweb.freebsd.org/changeset/ports/453725

  net-p2p/bitcoin: fix typos in startup script

  PR:		223495
  Submitted by:	vd@
  Approved by:	robbak@gmail.com (maintainer)

Comment 4 Vasil Dimov freebsd_committer 2017-11-08 08:23:26 UTC
Committed in r453725.

Yes, a malicious user could `ln -s /path/to/file/that/only/root_can_edit /tmp/foo` and when the root user does `command > /tmp/foo` it will overwrite that file. A safer approach is to either redirect to somewhere where symlinks cannot be planted willy-nilly by everybody or to use unpredictable names by employing mktemp(1).
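
The overwrite described in comment 4, next to the mktemp(1) alternative, as an added example that is not part of the original bug report or the port's rc script. The file name `bitcoind.out` is hypothetical, and a private sandbox directory stands in for the world-writable /tmp.

```shell
#!/bin/sh
# Constructed demo: nothing outside a freshly created sandbox is touched.

# Unsafe pattern: redirect to a fixed, predictable name (hypothetical name).
write_predictable() {   # $1 = directory, $2 = data
    printf '%s\n' "$2" > "$1/bitcoind.out"
}

# Safer pattern: mktemp(1) picks an unpredictable name and creates the file
# exclusively (O_EXCL, mode 0600), so a pre-planted symlink is never followed.
write_mktemp() {        # $1 = directory, $2 = data; prints the name used
    out=$(mktemp "$1/bitcoind.XXXXXXXXXX") || return 1
    printf '%s\n' "$2" > "$out"
    printf '%s\n' "$out"
}

# Prints "<protected file after unsafe write>|<after mktemp write>|<file type>"
demo() {
    sandbox=$(mktemp -d) || return 1
    protected="$sandbox/protected.conf"   # stands in for a root-only file
    fake_tmp="$sandbox/tmp"               # stands in for /tmp
    mkdir "$fake_tmp"
    printf 'original\n' > "$protected"
    # The link another local user could have planted beforehand.
    ln -s "$protected" "$fake_tmp/bitcoind.out"

    write_predictable "$fake_tmp" "daemon output"
    after_predictable=$(cat "$protected")   # redirect followed the link

    printf 'original\n' > "$protected"      # reset for the second run
    used=$(write_mktemp "$fake_tmp" "daemon output")
    after_mktemp=$(cat "$protected")        # untouched this time
    if [ -f "$used" ] && [ ! -L "$used" ]; then kind=regular; else kind=other; fi

    rm -rf "$sandbox"
    printf '%s|%s|%s\n' "$after_predictable" "$after_mktemp" "$kind"
}

demo
```
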