Bug 1225574 - AUDIT-FIND: apache2-mod_mono: configuration defaults to predictable socket path in /tmp
Status: REOPENED
Alias: None
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Security
Version: Current
Hardware: Other Other
Importance: P5 - None : Normal
Target Milestone: ---
Assignee: Wolfgang Frisch
QA Contact: E-mail List
Reported: 2024-05-29 09:06 UTC by Wolfgang Frisch
Modified: 2024-06-20 14:07 UTC (History)

Description Wolfgang Frisch 2024-05-29 09:06:49 UTC
apache2-mod_mono, by default, creates a socket `/tmp/mod_mono_server_global`, allowing unprivileged users to break the module by creating an identically named file in that location.

However
a) this behavior is documented
b) it is mitigated by a systemd hardening in the apache2 package:

> [Unit]
> Description=The Apache Webserver
> After=network.target nss-lookup.target time-sync.target remote-fs.target
> Before=getty@tty1.service plymouth-quit.service xdm.service
> PartOf=apache2.target
> [Service]
> Type=notify
> PrivateTmp=true
Comment 2 Wolfgang Frisch 2024-05-29 09:07:49 UTC
Not following up on this, as it is mitigated by our apache2 systemd config.
Comment 3 Wolfgang Frisch 2024-06-03 09:14:20 UTC
We decided to follow up on it after all.
Comment 4 Wolfgang Frisch 2024-06-03 12:39:56 UTC
Side note: When the problem is mitigated by systemd PrivateTmp, the socket and thus the module become quite useless, which is another reason to change the default.
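
An added example, not part of the bug report and not apache2-mod_mono code: a Python pre-bind check for the kind of socket path the description flags. It inspects only the immediate parent directory and any entry already present under the socket name; the function name, the finding labels and the trusted-uid default are assumptions, and the demo directories are constructed stand-ins for `/tmp` and a private runtime directory.

```python
import os
import stat


def audit_socket_path(path, trusted_uids=(0,)):
    """Return findings for a UNIX socket path a daemon is about to bind."""
    trusted = set(trusted_uids) | {os.geteuid()}
    findings = []
    parent = os.path.dirname(os.path.abspath(path))
    pst = os.stat(parent)
    if pst.st_mode & stat.S_IWOTH:
        # Any local user can create entries here; the sticky bit only
        # stops them deleting entries that belong to someone else.
        findings.append("parent-world-writable")
    if pst.st_uid not in trusted:
        findings.append("parent-untrusted-owner")
    try:
        est = os.lstat(path)  # lstat: report a symlink, do not follow it
    except FileNotFoundError:
        return findings
    if not stat.S_ISSOCK(est.st_mode):
        findings.append("entry-not-a-socket")
    if est.st_uid not in trusted:
        findings.append("entry-untrusted-owner")
    return findings


if __name__ == "__main__":
    import tempfile

    # Constructed sample layout: "tmp" mimics /tmp (mode 1777),
    # "run" mimics a directory only the service user can write to.
    with tempfile.TemporaryDirectory() as root:
        shared = os.path.join(root, "tmp")
        private = os.path.join(root, "run")
        os.mkdir(shared)
        os.chmod(shared, 0o1777)
        os.mkdir(private)
        os.chmod(private, 0o700)
        name = "mod_mono_server_global"
        # A regular file already sitting under the socket name.
        open(os.path.join(shared, name), "w").close()
        print(audit_socket_path(os.path.join(shared, name)))
        print(audit_socket_path(os.path.join(private, name)))
```

With `PrivateTmp=true` the service has its own `/tmp`, so a check like this only reflects the service's view when it runs inside the service's mount namespace.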