rpms / mongodb

Clone
Source Code
GIT

Files

3.4 3.6 4.0 el5 el6 epel7 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 main private-mskalick-mozjs_gen rawhide
  1.   f26
  2.   CVE-2016-6494.patch
Blob Blame History Raw 
From 035cf2afc04988b22cb67f4ebfd77e9b344cb6e0 Mon Sep 17 00:00:00 2001
From: Kevin Pulo <kevin.pulo@mongodb.com>
Date: Tue, 6 Sep 2016 11:44:20 +1000
Subject: [PATCH] SERVER-25335 avoid group and other permissions when creating
 .dbshell history file

---
 jstests/noPassthrough/shell_history.js | 103 +++++++++++++++++++++++++++++++++
 src/mongo/shell/linenoise.cpp          |  14 ++++-
 2 files changed, 115 insertions(+), 2 deletions(-)
 create mode 100644 jstests/noPassthrough/shell_history.js

diff --git a/jstests/noPassthrough/shell_history.js b/jstests/noPassthrough/shell_history.js
new file mode 100644
index 0000000..72300a7
--- /dev/null
+++ b/jstests/noPassthrough/shell_history.js
@@ -0,0 +1,103 @@
+// Test that when running the shell for the first time creates the ~/.dbshell file, and it has
+// appropriate permissions (where relevant).
+
+(function() {
+    "use strict";
+
+    // Use dataPath because it includes the trailing "/" or "\".
+    var tmpHome = MongoRunner.dataPath;
+    // Ensure it exists and is a dir (eg. if running without resmoke.py and /data/db doesn't exist).
+    mkdir(tmpHome);
+    removeFile(tmpHome + ".dbshell");
+
+    var args = [];
+    var cmdline = "mongo --nodb";
+    var redirection = "";
+    var env = {};
+    if (_isWindows()) {
+        args.push("cmd.exe");
+        args.push("/c");
+
+        // Input is set to NUL.  The output must also be redirected to NUL, otherwise running the
+        // jstest manually has strange terminal IO behaviour.
+        redirection = "< NUL > NUL";
+
+        // USERPROFILE set to the tmp homedir.
+        // Since NUL is a character device, isatty() will return true, which means that .mongorc.js
+        // will be created in the HOMEDRIVE + HOMEPATH location, so we must set them also.
+        if (tmpHome.match("^[a-zA-Z]:")) {
+            var tmpHomeDrive = tmpHome.substr(0, 2);
+            var tmpHomePath = tmpHome.substr(2);
+        } else {
+            var _pwd = pwd();
+            assert(_pwd.match("^[a-zA-Z]:"), "pwd must include drive");
+            var tmpHomeDrive = _pwd.substr(0, 2);
+            var tmpHomePath = tmpHome;
+        }
+        env = {USERPROFILE: tmpHome, HOMEDRIVE: tmpHomeDrive, HOMEPATH: tmpHomePath};
+
+    } else {
+        args.push("sh");
+        args.push("-c");
+
+        // Use the mongo shell from the current dir, same as resmoke.py does.
+        // Doesn't handle resmoke's --mongo= option.
+        cmdline = "./" + cmdline;
+
+        // Set umask to 0 prior to running the shell.
+        cmdline = "umask 0 ; " + cmdline;
+
+        // stdin is /dev/null.
+        redirection = "< /dev/null";
+
+        // HOME set to the tmp homedir.
+        if (!tmpHome.startsWith("/")) {
+            tmpHome = pwd() + "/" + tmpHome;
+        }
+        env = {HOME: tmpHome};
+    }
+
+    // Add redirection to cmdline, and add cmdline to args.
+    cmdline += " " + redirection;
+    args.push(cmdline);
+    jsTestLog("Running args:\n    " + tojson(args) + "\nwith env:\n    " + tojson(env));
+    var pid = _startMongoProgram({args, env});
+    var rc = waitProgram(pid);
+
+    assert.eq(rc, 0);
+
+    var files = listFiles(tmpHome);
+    jsTestLog(tojson(files));
+
+    var findFile = function(baseName) {
+        for (var i = 0; i < files.length; i++) {
+            if (files[i].baseName === baseName) {
+                return files[i];
+            }
+        }
+        return undefined;
+    };
+
+    var targetFile = ".dbshell";
+    var file = findFile(targetFile);
+
+    assert.neq(typeof(file), "undefined", targetFile + " should exist, but it doesn't");
+    assert.eq(file.isDirectory, false, targetFile + " should not be a directory, but it is");
+    assert.eq(file.size, 0, targetFile + " should be empty, but it isn't");
+
+    if (!_isWindows()) {
+        // On Unix, check that the file has the correct mode (permissions).
+        // The shell has no way to stat a file.
+        // There is no stat utility in POSIX.
+        // `ls -l` is POSIX, so this is the best that we have.
+        // Check for exactly "-rw-------".
+        clearRawMongoProgramOutput();
+        var rc = runProgram("ls", "-l", file.name);
+        assert.eq(rc, 0);
+        var output = rawMongoProgramOutput();
+        var fields = output.split(" ");
+        // First field is the prefix, second field is the `ls -l` permissions.
+        assert.eq(fields[1], "-rw-------", targetFile + " has bad permissions");
+    }
+
+})();
diff --git a/src/mongo/shell/linenoise.cpp b/src/mongo/shell/linenoise.cpp
index f75028c..8b70214 100644
--- a/src/mongo/shell/linenoise.cpp
+++ b/src/mongo/shell/linenoise.cpp
@@ -2762,7 +2762,17 @@ int linenoiseHistorySetMaxLen(int len) {
 /* Save the history in the specified file. On success 0 is returned
  * otherwise -1 is returned. */
 int linenoiseHistorySave(const char* filename) {
-    FILE* fp = fopen(filename, "wt");
+    FILE* fp;
+#if _POSIX_C_SOURCE >= 1 || _XOPEN_SOURCE || _POSIX_SOURCE
+    int fd = open(filename, O_CREAT, S_IRUSR | S_IWUSR);
+    if (fd == -1) {
+        // report errno somehow?
+        return -1;
+    }
+    fp = fdopen(fd, "wt");
+#else
+    fp = fopen(filename, "wt");
+#endif  // _POSIX_C_SOURCE >= 1 || _XOPEN_SOURCE || _POSIX_SOURCE
     if (fp == NULL) {
         return -1;
     }
@@ -2772,7 +2782,7 @@ int linenoiseHistorySave(const char* filename) {
             fprintf(fp, "%s\n", history[j]);
         }
     }
-    fclose(fp);
+    fclose(fp);  // Also causes fd to be closed.
     return 0;
 }
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.