author | Ingo Schwarze <schwarze@cvs.openbsd.org> | 2015-07-21 19:07:14 +0000 |
---|---|---|
committer | Ingo Schwarze <schwarze@cvs.openbsd.org> | 2015-07-21 19:07:14 +0000 |
commit | ee3d91d43fce845bddd72b89d7ff4fe5dad40eb2 (patch) | |
tree | ef97886492bb746bd59079ea081eb5f5b4f69908 /libexec/security | |
parent | c995eae6ae804bcbe83569a7945706d65e8dd823 (diff) |

When reading untrusted user files, don't risk blocking, such that
users can't mount a DOS attack against security(8), and for additional
safety against race attacks, make sure they are regular files after
opening and before actually reading them.

Issue originally hinted at by Sevan Janiyan <venture37 at
geeklan dot com dot uk> based on a NetBSD commit message,
then commented on by tedu@, problem finally confirmed by guenther@,
who also provided feedback on the actual patch.

Diffstat (limited to 'libexec/security')
-rw-r--r-- | libexec/security/security | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/libexec/security/security b/libexec/security/security index 65ec816e985..2b35d17b3bd 100644 --- a/libexec/security/security +++ b/libexec/security/security @@ -1,6 +1,6 @@ #!/usr/bin/perl -T -# $OpenBSD: security,v 1.35 2015/04/21 10:24:22 schwarze Exp $ +# $OpenBSD: security,v 1.36 2015/07/21 19:07:13 schwarze Exp $ # # Copyright (c) 2011, 2012, 2014, 2015 Ingo Schwarze <schwarze@openbsd.org> # Copyright (c) 2011 Andrew Fresh <andrew@afresh1.com> @@ -22,7 +22,7 @@ use strict; use Digest::SHA qw(sha256_hex); use Errno qw(ENOENT); -use Fcntl qw(:mode); +use Fcntl qw(O_RDONLY O_NONBLOCK :mode); use File::Basename qw(basename); use File::Compare qw(compare); use File::Copy qw(copy); @@ -371,9 +371,12 @@ sub check_rhosts_content { foreach my $base (qw(rhosts shosts)) { my $filename = "$home/.$base"; next unless -s $filename; - nag !open(my $fh, '<', $filename), + nag !sysopen(my $fh, $filename, O_RDONLY | O_NONBLOCK), "open: $filename: $!" and next; + nag !(-f $fh), + "$filename is not a regular file" + and next; local $_; nag /^\+\s*$/, "$filename has + sign in it." |
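
Review bot: The new `sysopen(my $fh, $filename, O_RDONLY | O_NONBLOCK)` and the `-f $fh` test in the check_rhosts_content hunk carry no comment explaining why they are there, so a later cleanup could easily turn them back into a plain `open`. A short comment above the sysopen would help, saying that O_NONBLOCK keeps the open from blocking on something like a FIFO and that the type check is done on the handle, not the path, so the file cannot be swapped between check and read. The retained `next unless -s $filename;` is still a path-based test made before the open. That looks harmless as a cheap filter because `-f $fh` follows, but the comment should say that it is not part of the race protection, so nobody comes to rely on it as one.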