Subject: bin/29676: systrace: string operator "eq" is case-insensitive
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org>
From: Christian Biere <christianbiere@gmx.de>
List: netbsd-bugs
Date: 03/12/2005 12:03:00
>Number: 29676
>Category: bin
>Synopsis: systrace: string operator "eq" is case-insensitive
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Mar 12 12:03:00 +0000 2005
>Originator: Christian Biere
>Release: NetBSD 2.99.11
>Environment:
System: NetBSD cyclonus 2.99.11 NetBSD 2.99.11 (STARSCREAM) #4: Fri Jan 7 14:02:19 CET 2005 bin@cyclonus:/usr/obj/sys/arch/i386/compile/STARSCREAM i386
Architecture: i386
Machine: i386
>Description:
The rule
netbsd-fsread: filename eq "/tmp" then permit
grants access to /tmp, /Tmp, /TMP etc. There are certainly times where
you want case-insensitive rules, e.g., for FAT or HFS+ filesystems, but
"eq" is documented as "exact match" and should definitely be implemented
as such.
This was posted by John Wong to lucky.openbsd.misc.
>How-To-Repeat:
$ systrace -A /bin/ls $HOME/tmp
$ mkdir $HOME/Tmp
$ touch $HOME/Tmp/blah
$ systrace -a /bin/ls $HOME/Tmp
blah
>Fix:
Replace strcasecmp() with strcmp() in bin/systrace/filter.c
filter_stringmatch() and filter_negstringmatch().
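
Added example, not part of the original report and not systrace's own code: a minimal model of the "eq" match and its negation, run with strcasecmp() and then strcmp() to show the effect of the proposed fix. The names eq_match, ne_match, count_permitted and the sample paths are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strcasecmp */

/* Hypothetical stand-ins for the string matchers. The comparator is a
 * parameter so the reported and the fixed behaviour run side by side. */
typedef int (*cmp_fn)(const char *, const char *);

static int eq_match(cmp_fn cmp, const char *arg, const char *pattern)
{
    return cmp(arg, pattern) == 0;
}

/* Negated match: with a case-insensitive comparator it fails to flag
 * "/Tmp" as different from "/tmp". */
static int ne_match(cmp_fn cmp, const char *arg, const char *pattern)
{
    return cmp(arg, pattern) != 0;
}

/* Constructed sample filename arguments. */
static const char *const sample_paths[] = {
    "/tmp", "/Tmp", "/TMP", "/tmp2", "/var/tmp"
};
#define NPATHS (sizeof(sample_paths) / sizeof(sample_paths[0]))

/* Count sample paths permitted by: filename eq "/tmp" then permit */
static int count_permitted(cmp_fn cmp)
{
    int n = 0;
    for (size_t i = 0; i < NPATHS; i++)
        n += eq_match(cmp, sample_paths[i], "/tmp");
    return n;
}

int main(void)
{
    for (size_t i = 0; i < NPATHS; i++) {
        const char *p = sample_paths[i];
        printf("%-9s strcasecmp: eq=%d ne=%d | strcmp: eq=%d ne=%d\n", p,
            eq_match(strcasecmp, p, "/tmp"), ne_match(strcasecmp, p, "/tmp"),
            eq_match(strcmp, p, "/tmp"), ne_match(strcmp, p, "/tmp"));
    }
    printf("permitted: strcasecmp=%d strcmp=%d\n",
        count_permitted(strcasecmp), count_permitted(strcmp));
    return 0;
}
```

A check of this shape, asserting that the exact-match operator rejects case variants of the pattern, would serve as a regression test for the fix.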