[Bro-Dev] #290: Argument validation of open()
Bro Tracker
bro-dev at bro-ids.org
Mon Oct 18 12:24:31 PDT 2010
#290: Argument validation of open()
---------------------+------------------------------------------------------
Reporter: vallenti | Owner:
Type: Problem | Status: new
Priority: Normal | Component: Bro
Version: 1.5.1 | Keywords:
---------------------+------------------------------------------------------
The script function open() can overwrite important system files if called
with the wrong arguments. For example,
{{{
redef notice_file = open("/dev/null");
}}}
overwrites `/dev/null` with an ASCII file, which can have detrimental
effects on the system integrity. Some ideas for mitigation:
(1) Ensure that the file type is ASCII text (and not, say, a character
special).
(2) Do not allow log files to be created in /dev.
(3) Do not overwrite existing files.
(4) Make `open("")` be equivalent to writing into `/dev/null`.
(5) Allow for log file deactivation with a new mechanism.
Matthias
--
Ticket URL: <http://tracker.icir.org/bro/ticket/290>
Bro Tracker <http://tracker.icir.org/bro>
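
Mitigation ideas (1) to (3) from the ticket, sketched as an added C example that is not Bro's own code. The name `safe_log_open` and its `allow_existing` parameter are hypothetical, and a POSIX system is assumed.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <libgen.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not Bro code. Returns an fd, or -1 with errno set. */
int safe_log_open(const char *path, int allow_existing)
{
    char copy[PATH_MAX], dir[PATH_MAX];
    struct stat st;

    if (path == NULL || path[0] == '\0' || strlen(path) >= sizeof(copy)) {
        errno = EINVAL;
        return -1;
    }
    /* Idea (2): resolve the parent directory and refuse anything under /dev. */
    strcpy(copy, path);
    if (realpath(dirname(copy), dir) == NULL)
        return -1;
    if (strcmp(dir, "/dev") == 0 || strncmp(dir, "/dev/", 5) == 0) {
        errno = EPERM;
        return -1;
    }
    /* Idea (3): O_EXCL makes open() fail with EEXIST instead of reusing a
       file. O_NOFOLLOW rejects a symlink as the final component, and
       O_NONBLOCK keeps open() from blocking on a FIFO. No O_TRUNC. */
    int flags = O_WRONLY | O_CREAT | O_APPEND | O_NOFOLLOW | O_NONBLOCK;
    if (!allow_existing)
        flags |= O_EXCL;
    int fd = open(path, flags, 0640);
    if (fd < 0)
        return -1;
    /* Idea (1): check the type on the descriptor, not the path, so the
       object cannot be swapped between the check and the open. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}
```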