[Pkg-openssl-devel] Bug#750103: Bug#750103: openssl: open+chmod race when creating ~/.rnd
Kurt Roeckx
kurt at roeckx.be
Sat Jun 7 12:34:49 UTC 2014
On Sun, Jun 01, 2014 at 06:26:02PM +0200, Jakub Wilk wrote:
> Package: openssl
> Version: 1.0.1g-4
> Tags: security
>
> openssl creates the ~/.rnd file with default permissions, then chmods it to
> 0600. In the race window between the two operations, a local malicious user
> could open the file (and then keep it open as long as they wish).
>
> Proof:
> $ strace -o '| grep -F .rnd' openssl rand 42 -out /dev/null
> stat64("/home/jwilk/.rnd", 0xff990380) = -1 ENOENT (No such file or directory)
> stat64("/home/jwilk/.rnd", 0xff9903a0) = -1 ENOENT (No such file or directory)
> open("/home/jwilk/.rnd", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 4
> chmod("/home/jwilk/.rnd", 0600) = 0

So the code looks like:

    #if defined(O_CREAT) && !defined(OPENSSL_NO_POSIX_IO) && !defined(OPENSSL_SYS_VMS)
        {
    #ifndef O_BINARY
    #define O_BINARY 0
    #endif
        /* chmod(..., 0600) is too late to protect the file,
         * permissions should be restrictive from the start */
        int fd = open(file, O_WRONLY|O_CREAT|O_BINARY, 0600);
        if (fd != -1)
            out = fdopen(fd, "wb");
        }
    #endif
    [...]
        if (out == NULL)
            out = fopen(file,"wb");

The problem seems to be a missing "#include <fcntl.h>" for the
O_CREAT.

Kurt
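
The effect discussed in this message, as an added example that is not code from OpenSSL or from either poster: it compares the permission bits a file has immediately after creation through the fopen() fallback and through the O_CREAT-guarded open(). The function names, the scratch file name and the umask of 022 are assumptions made for the demonstration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for fdopen() and fileno() */
#endif
#include <fcntl.h>   /* defines O_CREAT; without it the #if below is silently false */
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission bits as seen right after creation, before any chmod(); -1 on error. */
static int mode_then_close(FILE *fp)
{
    struct stat st;
    int rc;
    if (fp == NULL)
        return -1;
    rc = fstat(fileno(fp), &st);
    fclose(fp);
    return rc == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Fallback path: fopen() creates the file with 0666 & ~umask. */
int created_mode_fopen(const char *file)
{
    unlink(file);                       /* force a fresh create */
    return mode_then_close(fopen(file, "wb"));
}

/* Guarded path, same shape as the quoted code: 0600 from the first instant. */
int created_mode_guarded(const char *file)
{
    FILE *out = NULL;
    unlink(file);
#if defined(O_CREAT)
    {
        int fd = open(file, O_WRONLY | O_CREAT, 0600);
        if (fd != -1)
            out = fdopen(fd, "wb");
    }
#endif
    if (out == NULL)                    /* taken on every call if the guard is false */
        out = fopen(file, "wb");
    return mode_then_close(out);
}

int main(void)
{
    const char *file = "rnd_demo.tmp";  /* constructed scratch file name */
    umask(022);                         /* assumed typical umask */
    printf("fopen:   %04o\n", (unsigned)created_mode_fopen(file));
    printf("guarded: %04o\n", (unsigned)created_mode_guarded(file));
    return unlink(file);
}
```

Removing the `<fcntl.h>` include makes the guarded function take the fopen() path with no compiler diagnostic, which is why checking the created mode with fstat() or strace is a more reliable test than reading the source.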