fluentd icon indicating copy to clipboard operation
fluentd copied to clipboard

Published 20 hours ago verified publisher icon fluent

`FileUtils.mkdir_p` function call inside `backup_chunk` does not copy file permissions (e.g. sticky bit) into middle directories in the path.

Open Simon-Janos opened this issue 2 years ago • 8 comments

Is your feature request related to a problem? Please describe.

The issue there is that when fluentd fails, it creates the bad chunks in deep /tmp/../../ directory structure via FileUtils.mkdir_p function call inside backup_chunk which seems to be just a system call to the underlying linux “mkdir -p -m /tmp/..” command. -m, --mode=MODE set file mode (as in chmod), not a=rwx – umask -p, --parents no error if existing, make parent directories as needed

However when used together -m is only applies at the lowest/deepest directory of the specified directory structure not copying the sticky bit of /tmp dricetory to the middle directories. This is how Linux works, but this is a CIS vulnerability which is pointed out by vulnerability scan.

Describe the solution you'd like

In order to resolve this vulnerability, fluentd have to be changed to set -m parameters to all of the members of the directory tree somehow. https://gitlab.cncf.ci/fluent/fluentd/blob/master/lib/fluent/plugin/output.rb#L1251:

FileUtils.mkdir_p(backup_dir, mode: system_config.dir_permission || 0755) unless Dir.exist?(backup_dir)

Solution could be to change mkdir_p to some custom function which iterates through the specified directory struct applying -m (mode).

Describe alternatives you've considered

I do not see.

Additional context

No response

Simon-Janos avatar Sep 30 '21 11:09 Simon-Janos

Thanks, @Simon-Janos Do you know whether this issue is assigned to CVE-*?

kenhys avatar Oct 01 '21 06:10 kenhys

To be clear, if dir_permission was specified (like the above example), is it not vulnerable?

kenhys avatar Oct 01 '21 06:10 kenhys

Thanks, @Simon-Janos Do you know whether this issue is assigned to CVE-*?

Not to my knowledge.

Simon-Janos avatar Oct 01 '21 07:10 Simon-Janos

To be clear, if dir_permission was specified (like the above example), is it not vulnerable?

Yes the problem is that you specify a dir_permission (e.g. with sticky bit inside) but it does not apply to the whole directory structure of the specified path only to the deepest ones (and sometimes but it is to be tested not even to the deepest one), This is how Linux works, but it is not a desired behaviour.

Simon-Janos avatar Oct 01 '21 07:10 Simon-Janos

Any update?

Simon-Janos avatar Dec 08 '21 07:12 Simon-Janos

This issue has been automatically marked as stale because it has been open 90 days with no activity. Remove stale label or comment or this issue will be closed in 30 days

github-actions[bot] avatar Mar 08 '22 10:03 github-actions[bot]

This issue has been automatically marked as stale because it has been open 90 days with no activity. Remove stale label or comment or this issue will be closed in 30 days

github-actions[bot] avatar Jun 07 '22 10:06 github-actions[bot]

This issue has been automatically marked as stale because it has been open 90 days with no activity. Remove stale label or comment or this issue will be closed in 30 days

github-actions[bot] avatar Sep 06 '22 10:09 github-actions[bot]

This issue was automatically closed because of stale in 30 days

github-actions[bot] avatar Oct 06 '22 10:10 github-actions[bot]