Bug 1171658 - (CVE-2020-12831) VUL-1: CVE-2020-12831: frr: default permission issue eases information leaks
VUL-1: CVE-2020-12831: frr: default permission issue eases information leaks
Classification: openSUSE
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Security
Other Other
: P4 - Low : Normal (vote)
: Current
Assigned To: Erico Mendonca
Security Team bot
Depends on:
  Show dependency treegraph
Reported: 2020-05-14 10:58 UTC by Alexandros Toptsoglou
Modified: 2020-06-04 12:02 UTC (History)
0 users

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Alexandros Toptsoglou 2020-05-14 10:58:00 UTC

Description of problem:
By default, frr creates empty configuration files, however unfortunately with too wide permissions: As per http://docs.frrouting.org/en/latest/bgp.html, /etc/frr/bgpd.conf is also meant to contain the BGP password for peerings/sessions, thus proper default permissions should be applied by frr when even creating this file for administrator convenience. Otherwise information leaks are eased.

Version-Release number of selected component (if applicable):

How reproducible:
See above and below.

Steps to Reproduce:
1. dnf install frr
2. sed -e 's/^zebra=no/zebra=yes/' -e 's/^bgpd=no/bgpd=yes/' -i /etc/frr/daemons
3. systemctl start frr.service
4. ls -l /etc/frr/bgpd.conf
   -rw-r--r--. 1 frr frr 0 May  4 01:07 /etc/frr/bgpd.conf
5. ls -ld /etc/frr/
   drwxr-xr-x. 2 frr frr 4096 May  4 01:07 /etc/frr/

Actual results:
World-readable /etc/frr/bgpd.conf by default.

Expected results:
/etc/frr/bgpd.conf should be maybe 640 by default.

Additional info:
I did not investigate whether this is an upstream or a downstream issue, given frr.service seems to be built on an old initscript (/usr/lib/frr/frr) rather being a modern systemd unit.

Comment 1 Alexandros Toptsoglou 2020-05-14 10:59:21 UTC
Only in TW. The fix is available at [1]

[1] https://github.com/FRRouting/frr/pull/6383/commits/5c9063771195bb51a8cc1c64f9924e53a0602817
Comment 2 Erico Mendonca 2020-05-31 22:59:19 UTC
Applied the commit and submitted to Factory: https://build.opensuse.org/request/show/810509
Comment 3 Erico Mendonca 2020-06-04 12:02:45 UTC
Request has been approved.