[Linux-PowerEdge] Bug in bootstrap.cgi

Kenneth Porter shiva at sewingwitch.com
Tue Jan 12 07:49:29 CST 2021


This bug is still there over a year later, now at line 124. I discovered it 
when I ran the script and rkhunter reported the suspicious text file in 
/dev the next morning. The file contents are the output of the gpg command. 
The script is linked from this page:

<https://linux.dell.com/repo/hardware/dsu/>

(Top-posting only because most people aren't going to have the original 
message from 14 months ago in their local folder to see Paddy's analysis. 
Please trim if you reply this week.)

--On Friday, October 25, 2019 6:03 PM +0100 Paddy Doyle 
<paddy at tchpc.tcd.ie> wrote:

> Hi,
>
> There's a subtle bug in the bootstrap.cgi script [0] for configuring the
> GPG keys for the repos.
>
> There's a non-printable character on line 122, which causes the script
> to create a new text file '/dev/nullNON_PRINTABLE_CHARS_HERE'
>
> Basically the bug creates a file that looks like /dev/null but again is
> hard to spot:
>
> $ ls -1 /dev/null*
> /dev/null
> /dev/null 
>
>
> 'ls -Q' can show the strangeness, or 'stat':
>
> $ ls -1Q /dev/null*
> "/dev/null"
> "/dev/null "
>
> $ stat /dev/null* | grep File
>   File: '/dev/null'
>   File: '/dev/null '
>
>
> You can't view the chars easily:
>
> $ sed -n '122p' dell_bootstrap.cgi
>     email=$(gpg -v ${GPG_FN} 2>/dev/null  | grep -i @dell.com | sed
> 's/.*<\(.*\)>.*/\1/')
>
>
> But with 'od -c' you can see them '302' and '240':
>
> $ sed -n '122p' dell_bootstrap.cgi | od -c
> 0000000                   e   m   a   i   l   =   $   (   g   p   g
> 0000020   -   v       $   {   G   P   G   _   F   N   }       2   >   /
> 0000040   d   e   v   /   n   u   l   l 302 240       |       g   r   e
> 0000060   p       -   i       @   d   e   l   l   .   c   o   m       |
> 0000100       s   e   d       '   s   /   .   *   <   \   (   .   *   \
> 0000120   )   >   .   *   /   \   1   /   '   )  \n
> 0000133
>
>
> I'd imagine the bug was the result of a simple text editor snafu.
>
> The "/dev/null " file does no harm, but just in case you want to remove
> it you could use something like:
>
>   find /dev -type f -name "null*" -exec mv -vi {} /tmp \;
>
> Paddy
>
> [0] https://linux.dell.com/repo/hardware/dsu/bootstrap.cgi
>
> --
> Paddy Doyle
> Research IT / Trinity Centre for High Performance Computing,
> Lloyd Building, Trinity College Dublin, Dublin 2, Ireland.
> Phone: +353-1-896-3725
> https://www.tchpc.tcd.ie/
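
A check for the problem described in this thread, as an added example that is not part of either message or of Dell's script: it reports script lines containing the bytes 302 240 (a UTF-8 no-break space) and lists files whose names carry such bytes. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example; nbsp_lines, odd_names and demo are hypothetical names.

# UTF-8 encoding of U+00A0 (no-break space): the bytes od -c showed as 302 240.
NBSP=$(printf '\302\240')

# Print "LINE:text" for each line of a script that contains a no-break space.
# LC_ALL=C makes grep compare raw bytes regardless of the user's locale.
nbsp_lines() {
    LC_ALL=C grep -n -- "$NBSP" "$1"
}

# List regular files directly under a directory whose names contain a byte
# outside printable ASCII or end in a space. 'sed -n l' prints such bytes as
# octal escapes and marks the end of each name with '$'.
odd_names() {
    LC_ALL=C find "$1" -maxdepth 1 -type f \
        \( -name '*[! -~]*' -o -name '* ' \) -print | LC_ALL=C sed -n l
}

# Constructed sample: a two-line script with a no-break space after /dev/null,
# and a scratch directory holding "null" next to "null<NBSP>".
demo() (
    d=$(mktemp -d) || exit 1
    trap 'rm -rf "$d"' EXIT
    printf 'set -e\nemail=$(gpg -v "$f" 2>/dev/null\302\240 | grep -i @dell.com)\n' \
        > "$d/sample.sh"
    : > "$d/null"
    : > "$d/null$NBSP"
    nbsp_lines "$d/sample.sh"   # reports line 2
    odd_names "$d"              # reports .../null\302\240$
)

demo
```

Run `nbsp_lines` against a downloaded script before executing it, and `odd_names /dev` afterwards to see whether a look-alike file was left behind.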



