PacketFence - BTS - PacketFence | ||||||||||
| View Issue Details | ||||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | |||||
| 0001087 | PacketFence | scanning | public | 2010-10-08 14:56 | 2011-10-24 20:24 | |||||
| Reporter | obilodeau | |||||||||
| Assigned To | obilodeau | |||||||||
| Priority | high | Severity | major | Reproducibility | sometimes | |||||
| Status | closed | Resolution | fixed | |||||||
| Platform | OS | OS Version | ||||||||
| Product Version | ||||||||||
| Target Version | 3.0.0 | Fixed in Version | 3.0.0 | |||||||
| fixed in git revision | ||||||||||
| fixed in mtn revision | fd18daff77b97ab16edef499a8d0751cce5b54de | |||||||||
| Summary | 0001087: nessus scans don't work with bin/pfcmd setuid/setgid (which is the default) | |||||||||
| Description | doing stuff in the lab, we came up to this problem.. Here's the error: -sh-3.2$ /usr/local/pf/bin/pfcmd schedule now 192.168.2.253 Insecure dependency in open while running setgid at /usr/local/pf/lib/pf/scan.pm line 77 (0000001) (F) You tried to do something that the tainting mechanism didn't like. The tainting mechanism is turned on when you're running setuid or setgid, or when you specify -T to turn it on explicitly. The tainting mechanism labels all data that's derived directly or indirectly from the user, who is considered to be unworthy of your trust. If any such data is used in a "dangerous" operation, you get this error. See perlsec for more information. Uncaught exception from user code: Insecure dependency in open while running setgid at /usr/local/pf/lib/pf/scan.pm line 77. at /usr/local/pf/lib/pf/scan.pm line 77 pf::scan::runScan(192.168.2.253) called at /usr/local/pf/bin/pfcmd line 1367 main::schedule() called at /usr/local/pf/bin/pfcmd line 247 Possible fixes: - untaint / laundry variables to make perl happy - have a separate CLI for it which doesn't require setuid/setgid - re-architect the whole thing to drop setuid/setgid requirements - sudo profiles? | |||||||||
| Steps To Reproduce | ||||||||||
| Additional Information | ||||||||||
| Tags | No tags attached. | |||||||||
| Relationships |
| |||||||||
| Attached Files | ||||||||||
| Issue History | ||||||||||
| Date Modified | Username | Field | Change | |||||||
| 2010-10-08 14:56 | obilodeau | New Issue | ||||||||
| 2010-11-15 13:38 | obilodeau | Relationship added | related to 0001116 | |||||||
| 2011-01-18 11:41 | obilodeau | Target Version | => 2.1.0 | |||||||
| 2011-02-25 13:40 | obilodeau | Relationship added | related to 0001025 | |||||||
| 2011-02-25 13:54 | obilodeau | Note Added: 0001885 | ||||||||
| 2011-03-03 15:15 | obilodeau | Target Version | 2.1.0 => +1 | |||||||
| 2011-03-03 15:18 | obilodeau | Target Version | +1 => +2 | |||||||
| 2011-03-03 15:42 | obilodeau | Assigned To | => obilodeau | |||||||
| 2011-03-03 15:42 | obilodeau | Severity | minor => major | |||||||
| 2011-03-03 15:42 | obilodeau | Status | new => confirmed | |||||||
| 2011-03-03 15:42 | obilodeau | Target Version | +2 => +1 | |||||||
| 2011-06-17 17:26 | obilodeau | Description Updated | ||||||||
| 2011-06-17 17:49 | obilodeau | mtn revision | => fd18daff77b97ab16edef499a8d0751cce5b54de | |||||||
| 2011-06-17 17:49 | obilodeau | Note Added: 0002092 | ||||||||
| 2011-06-17 17:49 | obilodeau | Status | confirmed => resolved | |||||||
| 2011-06-17 17:49 | obilodeau | Fixed in Version | => +1 | |||||||
| 2011-06-17 17:49 | obilodeau | Resolution | open => fixed | |||||||
| 2011-06-17 17:49 | obilodeau | Note Added: 0002093 | ||||||||
| 2011-09-21 22:20 | obilodeau | Fixed in Version | +1 => 3.0.0 | |||||||
| 2011-09-21 22:20 | obilodeau | Note Added: 0002278 | ||||||||
| 2011-09-21 22:21 | obilodeau | Status | resolved => closed | |||||||
| 2011-10-24 20:24 | obilodeau | Target Version | +1 => 3.0.0 | |||||||
| Notes | |||||
|
|
|||||
|
|
||||
|
|
|||||
|
|
||||
|
|
|||||
|
|
||||
|
|
|||||
|
|
||||