Re: [chrony-dev] chrony 3.5.1 and PATH

Re: [chrony-dev] chrony 3.5.1 and PATH_MAX

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-dev Archives ]

To: chrony-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [chrony-dev] chrony 3.5.1 and PATH_MAX
From: Matthias Andree <mandree@xxxxxxxxxxx>
Date: Mon, 24 Aug 2020 19:03:51 +0200

Am 24.08.20 um 09:16 schrieb Miroslav Lichvar:
> On Sat, Aug 22, 2020 at 12:19:58PM +0200, Matthias Andree wrote:

>> Looking at
>> <https://git.tuxfamily.org/chrony/chrony.git/commit/?h=3.5-stable&id=f00fed20092b6a42283f29c6ee1f58244d74b545>,
>> I see that it is using char foo[PATH_MAX] - note that PATH_MAX is the
>> maximum path length forÂ  a path *COMPONENT* so strictly speaking
>> join_path() into some buffer that is PATH_MAX large can fail.
> 
> That's understood and it's noted in the original commit. PATH_MAX is
> just a constant chosen to unify the lengths of all buffers that hold a
> path in the chrony code and join_path() is supposed to return zero if
> the joined path is too long.

Right, hadn't dived deeply into 2fc8edacb810 or looked beyond the
overall semantics.

>> I've learned some lessons between fetchmail 6.4.0-rc4 and fetchmail
>> 6.4.5 in particular (repo available on Gitlab) and concluded to exclude
>> some corner cases explicitly, in fetchmail.
> 
> Not supporting systems that don't have PATH_MAX? I see in the log an
> issue with realpath(). I'm not sure if chronyd ever used a system
> function that had an assumption about output buffer like that.

realpath() serves a different purpose (normalize path names, resolve
traversals and symlinks and all that) than join_path() does, but
ultimately has the same requirement: "portably give me some allocated
memory large enough to fit a pathname".  It's a bit harder for
realpath() because - unlike join_path() - it does not have control over
its input and what it finds.

At any rate, I set the "discovery" date to the first relevant commit here:
<https://vuxml.freebsd.org/freebsd/719f06af-e45e-11ea-95a1-c3b8167b8026.html>

However is 2020-08-06 the real date that the symlink vulnerability was
discovered (or a bug understood as vulnerability), or was that some
earlier date?

Thanks.

Best regards
Matthias


-- 
To unsubscribe email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject.
For help email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.

Follow-Ups:
- Re: [chrony-dev] chrony 3.5.1 and PATH_MAX
  - From: Miroslav Lichvar

References:
- [chrony-dev] chrony 3.5.1 and PATH_MAX
  - From: Matthias Andree
- Re: [chrony-dev] chrony 3.5.1 and PATH_MAX
  - From: Miroslav Lichvar

Messages sorted by: [ date | thread ]
Prev by Date: Re: [chrony-dev] chrony 3.5.1 and PATH_MAX
Next by Date: Re: [chrony-dev] chrony 3.5.1 and PATH_MAX
Previous by thread: Re: [chrony-dev] chrony 3.5.1 and PATH_MAX
Next by thread: Re: [chrony-dev] chrony 3.5.1 and PATH_MAX

Mail converted by MHonArc 2.6.19+

http://listengine.tuxfamily.org/