tcpwrappers /etc/hosts.deny permissions bug fix

Bug fix to not modify /etc/hosts.deny permissions when removing
tcpwrappers auto-block rules. This issue was reported as Debian bug #724267
(http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=724267) and relayed via
Franck Joncourt. Closes issue #7 on github.
commit a06ce15012fe71908a749480b02c179d4ac782f7 1 parent 11ea904
@mrash authored
Showing with 11 additions and 0 deletions.
  1. +4 −0 ChangeLog
  2. +7 −0 psad
4 ChangeLog
@@ -8,6 +8,10 @@ psad-2.2.3 (//2014):
copied to the /etc/init.d/ directory.
- (Wolfgang Breyha) Bug fix to allow VLAN interfaces and interface aliases
in IGNORE_INTERFACES. This fixes issue #8 on github.
+ - Bug fix to not modify /etc/hosts.deny permissions when removing
+ tcpwrappers auto-block rules. This issue was reported as Debian bug
+ #724267 (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=724267) and
+ relayed via Franck Joncourt. Closes issue #7 on github.
psad-2.2.2 (01/13/2014):
- Added detection for Errata Security's "Masscan" port scanner that was
7 psad
@@ -6819,6 +6819,9 @@ sub tcpwr_rm_block() {
"$config{'ETC_HOSTS_DENY_FILE'}: $!";
my @lines = <T>;
close T;
+
+ my $orig_perms = (stat($config{'ETC_HOSTS_DENY_FILE'}))[2] & 07777;
+
open T, "> $config{'ETC_HOSTS_DENY_FILE'}.tmp" or die '[*] Could not open ',
"$config{'ETC_HOSTS_DENY_FILE'}.tmp: $!";
for my $line (@lines) {
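Review bot: the stat() result on the added `my $orig_perms = (stat(...))[2] & 07777;` line is used without a check. If stat fails (for example the file is removed or replaced between the read above and this call), the slice yields undef, $orig_perms becomes 0, and the chmod added later in this function would set the replacement file to mode 0000. Suggest dying on a failed stat in the same style as the surrounding open calls, or calling stat on the open handle T before `close T` so the mode is taken from the same file that was just read. Note also that only the mode bits are captured here; the owner and group of the replacement file are not carried over, which deserves a comment if that is intentional.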
@@ -6836,6 +6839,10 @@ sub tcpwr_rm_block() {
}
}
close T;
+
+ ### set permissions on the tmp file to be identical to the original
+ chmod $orig_perms, "$config{'ETC_HOSTS_DENY_FILE'}.tmp";
+
move "$config{'ETC_HOSTS_DENY_FILE'}.tmp", $config{'ETC_HOSTS_DENY_FILE'}
or die "[*] Could not move $config{'ETC_HOSTS_DENY_FILE'}.tmp -> ",
"$config{'ETC_HOSTS_DENY_FILE'}";