Skip to content
Permalink
Browse files

Merge branch 'maint'

  • Loading branch information...
John C. Frickson
John C. Frickson committed Dec 7, 2016
2 parents bc90881 + 8e6e1cb commit c29557dec91eba2306f5fb11b8da4474ba63f8c4
Showing with 51 additions and 6 deletions.
  1. +6 −0 Changelog
  2. +1 −0 THANKS
  3. +44 −6 base/logging.c
@@ -2,6 +2,12 @@
Nagios Core 4 Change Log
########################

4.2.x - xxxx-xx-xx
------------------
SECURITY FIXES
* Fixed another root privilege escalation (CVE-2016-9566) Thanks for bringing this
to our attention go to Dawid Golunski (http://legalhackers.com).


4.2.3 - 2016-11-21
-------------------
1 THANKS
@@ -70,6 +70,7 @@ wrong, please let me know.
* David Kmoch
* David Schlecht
* David Tilloy
* Dawid Golunski
* Dean Lane
* Denis Seleznyov
* Dennis Biringer
@@ -112,17 +112,39 @@ static void write_to_all_logs_with_timestamp(char *buffer, unsigned long data_ty

static FILE *open_log_file(void)
{
int fh;
struct stat st;

if(log_fp) /* keep it open unless we rotate */
return log_fp;

log_fp = fopen(log_file, "a+");
if ((fh = open(log_file, O_RDWR|O_APPEND|O_CREAT|O_NOFOLLOW, S_IRUSR|S_IWUSR)) == -1) {
if (daemon_mode == FALSE)
printf("Warning: Cannot open log file '%s' for writing\n", log_file);
return NULL;
}
log_fp = fdopen(fh, "a+");
if(log_fp == NULL) {
if (daemon_mode == FALSE) {
if (daemon_mode == FALSE)
printf("Warning: Cannot open log file '%s' for writing\n", log_file);
}
return NULL;
}

if ((fstat(fh, &st)) == -1) {
log_fp = NULL;
close(fh);
if (daemon_mode == FALSE)
printf("Warning: Cannot fstat log file '%s'\n", log_file);
return NULL;
}
if (st.st_nlink != 1 || (st.st_mode & S_IFMT) != S_IFREG) {
log_fp = NULL;
close(fh);
if (daemon_mode == FALSE)
printf("Warning: log file '%s' has an invalid mode\n", log_file);
return NULL;
}

(void)fcntl(fileno(log_fp), F_SETFD, FD_CLOEXEC);
return log_fp;
}
@@ -447,7 +469,10 @@ int write_log_file_info(time_t *timestamp) {


/* opens the debug log for writing */
int open_debug_log(void) {
int open_debug_log(void)
{
int fh;
struct stat st;

/* don't do anything if we're not actually running... */
if(verify_config || test_scheduling == TRUE)
@@ -457,10 +482,23 @@ int open_debug_log(void) {
if(debug_level == DEBUGL_NONE)
return OK;

if((debug_file_fp = fopen(debug_file, "a+")) == NULL)
if ((fh = open(debug_file, O_RDWR|O_APPEND|O_CREAT|O_NOFOLLOW, S_IRUSR|S_IWUSR)) == -1)
return ERROR;
if((debug_file_fp = fdopen(fh, "a+")) == NULL)
return ERROR;

if ((fstat(fh, &st)) == -1) {
debug_file_fp = NULL;
close(fh);
return ERROR;
}
if (st.st_nlink != 1 || (st.st_mode & S_IFMT) != S_IFREG) {
debug_file_fp = NULL;
close(fh);
return ERROR;
}

(void)fcntl(fileno(debug_file_fp), F_SETFD, FD_CLOEXEC);
(void)fcntl(fh, F_SETFD, FD_CLOEXEC);

return OK;
}

0 comments on commit c29557d

Please sign in to comment.
You can’t perform that action at this time.