From f2ed227673d3b2da643eb5cad26b2d87674f28c1 Mon Sep 17 00:00:00 2001 From: "John C. Frickson" Date: Wed, 9 Nov 2016 15:16:55 -0600 Subject: [PATCH] root privilege escalation fix --- Changelog | 5 ++++- daemon-init.in | 16 +++++++++++----- 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/Changelog b/Changelog index 410e250ce..4a304ff3f 100644 --- a/Changelog +++ b/Changelog @@ -5,6 +5,9 @@ Nagios Core 4 Change Log 4.2.x - xxxx-xx-xx ------------------- +SECURITY FIXES +* Fixed a root privilege escalation + FIXES * external command during reload doesn't work (John Frickson) * Nagios provides no error condition as to why it fails on the verify for serviceescalation (John Frickson) @@ -19,7 +22,7 @@ FIXES * nagios: job XX (pid=YY): read() returned error 11 (changed from LOG_ERR to LOG_NOTICE) (John Frickson) -4.2.2 - 2016-10-xx +4.2.2 - 2016-10-24 ------------------ SECURITY FIXES * There was a fix to vulnerability CVE-2008-4796 in the 4.2.0 release on diff --git a/daemon-init.in b/daemon-init.in index 3a2ffee2a..fd637645b 100644 --- a/daemon-init.in +++ b/daemon-init.in @@ -79,7 +79,7 @@ if test "$USE_RAMDISK" -ne 0 && test "$RAMDISK_SIZE"X != "X"; then mkdir -p -m 0755 ${RAMDISK_DIR} mount -t tmpfs -o size=${RAMDISK_SIZE}m tmpfs ${RAMDISK_DIR} mkdir -p -m 0755 ${RAMDISK_DIR}/checkresults - chown -R $NagiosUser:$NagiosGroup ${RAMDISK_DIR} + chown -h -R $NagiosUser:$NagiosGroup ${RAMDISK_DIR} fi fi 
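Review bot: In the RAMDISK hunk of daemon-init.in, `chown -h -R` still leaves the tree-walk policy to the platform default. As far as POSIX goes, whether a recursive chown descends through symlinks to directories is unspecified unless one of `-H`, `-L` or `-P` is given. I would state it explicitly and quote the expansions: `chown -h -R -P "$NagiosUser:$NagiosGroup" "${RAMDISK_DIR}"`. The tmpfs appears to be mounted just above, so the tree should be fresh here and this is hardening rather than a known hole. The enclosing `if` starts above the hunk.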
@@ -91,10 +91,16 @@ check_config () WARN=`grep ^"Total Warnings:" "$TMPFILE" |awk -F: '{print \$2}' |sed s/' '//g` ERR=`grep ^"Total Errors:" "$TMPFILE" |awk -F: '{print \$2}' |sed s/' '//g` + rm -f "$NagiosCfgtestFile"; + if test -e "$NagiosCfgtestFile"; then + echo "ERROR: Could not delete '$NagiosCfgtestFile'" + exit 8 + fi + if test "$WARN" = "0" && test "${ERR}" = "0"; then echo "OK - Configuration check verified" > $NagiosCfgtestFile chmod 0644 $NagiosCfgtestFile - chown $NagiosUser:$NagiosGroup $NagiosCfgtestFile + chown -h $NagiosUser:$NagiosGroup $NagiosCfgtestFile /bin/rm "$TMPFILE" return 0 elif test "${ERR}" = "0"; then @@ -102,7 +108,7 @@ check_config () echo "WARNING: Warnings in config files - see log for details: $NagiosCfgtestFile" > $NagiosCfgtestFile egrep -i "(^warning|^error)" "$TMPFILE" >> $NagiosCfgtestFile chmod 0644 $NagiosCfgtestFile - chown $NagiosUser:$NagiosGroup $NagiosCfgtestFile + chown -h $NagiosUser:$NagiosGroup $NagiosCfgtestFile /bin/rm "$TMPFILE" return 0 else @@ -110,7 +116,7 @@ check_config () echo "ERROR: Errors in config files - see log for details: $NagiosCfgtestFile" > $NagiosCfgtestFile egrep -i "(^warning|^error)" "$TMPFILE" >> $NagiosCfgtestFile chmod 0644 $NagiosCfgtestFile - chown $NagiosUser:$NagiosGroup $NagiosCfgtestFile + chown -h $NagiosUser:$NagiosGroup $NagiosCfgtestFile cat "$TMPFILE" exit 8 fi @@ -188,7 +194,7 @@ case "$1" in touch $NagiosVarDir/nagios.log $NagiosRetentionFile rm -f $NagiosCommandFile touch $NagiosRunFile - chown $NagiosUser:$NagiosGroup $NagiosRunFile $NagiosVarDir/nagios.log $NagiosRetentionFile + chown -h $NagiosUser:$NagiosGroup $NagiosRunFile $NagiosVarDir/nagios.log $NagiosRetentionFile $NagiosBin -d $NagiosCfgFile if [ -d $NagiosLockDir ]; then touch $NagiosLockDir/$NagiosLockFile; fi
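Review bot: The new `rm -f` / `test -e` check in check_config() is separated from the root-run `> $NagiosCfgtestFile` redirect by a window in which the path can reappear, and `test -e` is false for a dangling symlink, so a link with a missing target is not noticed at all. The redirect and the following `chmod 0644` both follow symlinks; `chown -h` only protects the last step. If the directory holding the file is writable by the Nagios account (not visible here), letting the shell create the file exclusively closes the gap, e.g. `( set -C; echo "OK - Configuration check verified" > "$NagiosCfgtestFile" ) || exit 8`. The same applies to the WARNING and ERROR branches in the next two hunks, where the later `>>` append would have to stay outside the `set -C` subshell. check_config() begins above this hunk.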
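Review bot: In the start branch (hunk at -188) the two `touch` calls still run as root and follow symlinks before the hardened `chown -h` is reached. If `$NagiosRunFile`, `$NagiosVarDir/nagios.log` or `$NagiosRetentionFile` is a link, its target is created or re-stamped by root and only the link changes owner. A guard ahead of the first `touch` would cover this, e.g. `for f in "$NagiosRunFile" "$NagiosVarDir/nagios.log" "$NagiosRetentionFile"; do test -L "$f" && { echo "ERROR: '$f' is a symlink"; exit 8; }; done`. Whether those directories are writable by the Nagios account is not visible in this hunk, and the `case` arm starts and ends outside it.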