Anonymous | Login | 2024-11-22 23:10 EST |
Main | My View | View Issues | Change Log | Roadmap |
View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
ID | Project | Category | View Status | Date Submitted | Last Update | |||
0001087 | PacketFence | scanning | public | 2010-10-08 14:56 | 2011-10-24 20:24 | |||
Reporter | obilodeau | |||||||
Assigned To | obilodeau | |||||||
Priority | high | Severity | major | Reproducibility | sometimes | |||
Status | closed | Resolution | fixed | |||||
Platform | OS | OS Version | ||||||
Product Version | ||||||||
Target Version | 3.0.0 | Fixed in Version | 3.0.0 | |||||
Summary | 0001087: nessus scans don't work with bin/pfcmd setuid/setgid (which is the default) | |||||||
Description | doing stuff in the lab, we came up to this problem.. Here's the error: -sh-3.2$ /usr/local/pf/bin/pfcmd schedule now 192.168.2.253 Insecure dependency in open while running setgid at /usr/local/pf/lib/pf/scan.pm line 77 (0000001) (F) You tried to do something that the tainting mechanism didn't like. The tainting mechanism is turned on when you're running setuid or setgid, or when you specify -T to turn it on explicitly. The tainting mechanism labels all data that's derived directly or indirectly from the user, who is considered to be unworthy of your trust. If any such data is used in a "dangerous" operation, you get this error. See perlsec for more information. Uncaught exception from user code: Insecure dependency in open while running setgid at /usr/local/pf/lib/pf/scan.pm line 77. at /usr/local/pf/lib/pf/scan.pm line 77 pf::scan::runScan(192.168.2.253) called at /usr/local/pf/bin/pfcmd line 1367 main::schedule() called at /usr/local/pf/bin/pfcmd line 247 Possible fixes: - untaint / laundry variables to make perl happy - have a separate CLI for it which doesn't require setuid/setgid - re-architect the whole thing to drop setuid/setgid requirements - sudo profiles? | |||||||
Tags | No tags attached. | |||||||
fixed in git revision | ||||||||
fixed in mtn revision | fd18daff77b97ab16edef499a8d0751cce5b54de | |||||||
Attached Files | ||||||||
Notes | |
(0001885) obilodeau (reporter) 2011-02-25 13:54 |
remember to increase warning level to FATAL in pf::pfcmd::checkup::permissions() once this is fixed |
(0002092) obilodeau (reporter) 2011-06-17 17:49 |
fixed by sanitizing / untainting the data in the path to a nessus scan |
(0002093) obilodeau (reporter) 2011-06-17 17:49 |
Reminder sent to: fgaudreault You'll probably be glad to hear that this one is fixed. |
(0002278) obilodeau (reporter) 2011-09-21 22:20 |
fix released in 3.0 |
Issue History | |||
Date Modified | Username | Field | Change |
2010-10-08 14:56 | obilodeau | New Issue | |
2010-11-15 13:38 | obilodeau | Relationship added | related to 0001116 |
2011-01-18 11:41 | obilodeau | Target Version | => 2.1.0 |
2011-02-25 13:40 | obilodeau | Relationship added | related to 0001025 |
2011-02-25 13:54 | obilodeau | Note Added: 0001885 | |
2011-03-03 15:15 | obilodeau | Target Version | 2.1.0 => +1 |
2011-03-03 15:18 | obilodeau | Target Version | +1 => +2 |
2011-03-03 15:42 | obilodeau | Assigned To | => obilodeau |
2011-03-03 15:42 | obilodeau | Severity | minor => major |
2011-03-03 15:42 | obilodeau | Status | new => confirmed |
2011-03-03 15:42 | obilodeau | Target Version | +2 => +1 |
2011-06-17 17:26 | obilodeau | Description Updated | |
2011-06-17 17:49 | obilodeau | mtn revision | => fd18daff77b97ab16edef499a8d0751cce5b54de |
2011-06-17 17:49 | obilodeau | Note Added: 0002092 | |
2011-06-17 17:49 | obilodeau | Status | confirmed => resolved |
2011-06-17 17:49 | obilodeau | Fixed in Version | => +1 |
2011-06-17 17:49 | obilodeau | Resolution | open => fixed |
2011-06-17 17:49 | obilodeau | Note Added: 0002093 | |
2011-09-21 22:20 | obilodeau | Fixed in Version | +1 => 3.0.0 |
2011-09-21 22:20 | obilodeau | Note Added: 0002278 | |
2011-09-21 22:21 | obilodeau | Status | resolved => closed |
2011-10-24 20:24 | obilodeau | Target Version | +1 => 3.0.0 |
Copyright © 2000 - 2012 MantisBT Group |