[patch] make vncpasswd create ~/.vnc if it doesn't exist

Andrew van der Stock ajv "at" greebo.net
Tue, 04 Sep 2001 03:39:07 +0000


NO! NO! NO! NO!*

Do not EVER trust the environment, particularly when using sprintf() with
bounded arrays! This is how we got into all that locale, xmcd, kerberos,
dtmail (and so on... the list is endless) bother.

Create the directory securely, and test for its existance before you go out
and create it. This is how symlink attacks occur.

The mode of the .vnc directory should be 700 not, 755. There is no reason to
create this directory as 755, as this allows any user to discover the user's
VNC password.

Test the error result, don't just ignore it!

Andrew

* :-) in case you feel that I'm being too harsh. But this is about security,
so I'm being harsh.

-----Original Message-----
From: owner-vnc-list "at" uk.research.att.com
[mailto:owner-vnc-list "at" uk.research.att.com]On Behalf Of Tim Waugh
Sent: Tuesday, 4 September 2001 03:36
To: vnc-list "at" uk.research.att.com
Subject: [patch] make vncpasswd create ~/.vnc if it doesn't exist


Here is a patch that makes vncpasswd create ~/.vnc if it doesn't
exist, rather than failing with a less than obvious error message.

Tim.
*/

--- vnc_unixsrc/vncpasswd/vncpasswd.c.vncuserdir	Tue Aug 17 12:31:42 1999
+++ vnc_unixsrc/vncpasswd/vncpasswd.c	Mon Sep  3 18:09:06 2001
@@ -24,9 +24,12 @@
  *              anyway.
  */

+#include <errno.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <sys/stat.h>
+#include <sys/types.h>
 #include <unistd.h>
 #include "vncauth.h"

@@ -38,6 +41,7 @@
 int main(int argc, char *argv[]) {
   char *passwd;
   char *passwd1;
+  char passwdDir[256];
   char passwdFile[256];
   int i;

@@ -46,7 +50,8 @@
 	  fprintf(stderr,"Error: no HOME environment variable\n");
 	  exit(1);
       }
-      sprintf(passwdFile,"%s/.vnc/passwd",getenv("HOME"));
+      sprintf(passwdDir,"%s/.vnc",getenv("HOME"));
+      sprintf(passwdFile,"%s/passwd",passwdDir);

   } else if (argc == 2) {

@@ -78,6 +83,12 @@
     }

     if (strcmp(passwd1, passwd) == 0) {
+      if (mkdir (passwdDir, (S_IRWXU | S_IRGRP | S_IXGRP |
+			     S_IROTH | S_IXOTH)) == -1 &&
+	  errno != EEXIST) {
+	perror ("~/.vnc");
+	exit (1);
+      }
       if (vncEncryptAndStorePasswd(passwd, passwdFile) != 0) {
 	fprintf(stderr,"Cannot write password file %s\n",passwdFile);
 	exit(1);
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to majordomo "at" uk.research.att.com
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to majordomo "at" uk.research.att.com
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------