authorStef Walter <stef@thewalter.net>2013-07-17 11:57:02 +0200
committerStef Walter <stef@thewalter.net>2013-07-18 08:45:57 +0200
commit936e4c229a4ed205e9981fc4f31acea063701b69 (patch)
treef6f9c7fcbee8a097e7b1abfad9c4bdd8552708cc /p11-kit
parent81a6e16539e5e4a27c55194ae095cc4a75d08ade (diff)
Don't load configs from user directory when setuid
When running as setuid() or setgid() don't access the user's home directory, or use $HOME environment variables. https://bugzilla.redhat.com/show_bug.cgi?id=985014
Diffstat (limited to 'p11-kit')
-rw-r--r--p11-kit/conf.c5
-rw-r--r--p11-kit/tests/Makefile.am1
-rw-r--r--p11-kit/tests/files/system-modules/one.module3
-rw-r--r--p11-kit/tests/files/user-modules/one.module3
-rw-r--r--p11-kit/tests/frob-setuid.c95
-rw-r--r--p11-kit/tests/test-conf.c39
6 files changed, 144 insertions, 2 deletions
diff --git a/p11-kit/conf.c b/p11-kit/conf.c
index e699e66..d29d9ec 100644
--- a/p11-kit/conf.c
+++ b/p11-kit/conf.c
@@ -227,6 +227,11 @@ _p11_conf_load_globals (const char *system_conf, const char *user_conf,
goto finished;
}
+ if (mode != CONF_USER_NONE && getauxval (AT_SECURE)) {
+ p11_debug ("skipping user config in setuid or setgid program");
+ mode = CONF_USER_NONE;
+ }
+
if (mode != CONF_USER_NONE) {
path = p11_path_expand (user_conf);
if (!path) {
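Review bot: The `getauxval (AT_SECURE)` test in the added block fails open: getauxval returns 0 both when the flag is clear and when the entry cannot be found, so wherever the value is unavailable a privileged program still loads the user config. No `<sys/auxv.h>` include is added in this hunk, so the call presumably resolves through a compat fallback not shown here; that fallback should compare real and effective ids (`getuid () != geteuid () || getgid () != getegid ()`) rather than return 0. A comment above the check would help the next reader: `/* AT_SECURE: set by the kernel for setuid/setgid execs; user-controlled paths and $HOME must not be trusted */`. _p11_conf_load_globals starts and ends outside the hunk, so whether the downgraded `mode` also reaches the per-module user directory lookup cannot be confirmed from these lines.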
diff --git a/p11-kit/tests/Makefile.am b/p11-kit/tests/Makefile.am
index 6963850..16ba280 100644
--- a/p11-kit/tests/Makefile.am
+++ b/p11-kit/tests/Makefile.am
@@ -40,6 +40,7 @@ endif
noinst_PROGRAMS = \
print-messages \
+ frob-setuid \
$(CHECK_PROGS)
TESTS = $(CHECK_PROGS)
diff --git a/p11-kit/tests/files/system-modules/one.module b/p11-kit/tests/files/system-modules/one.module
index 15cb7f2..5f49a8f 100644
--- a/p11-kit/tests/files/system-modules/one.module
+++ b/p11-kit/tests/files/system-modules/one.module
@@ -1,4 +1,5 @@
module: mock-one.so
setting: system1
-trust-policy: yes
\ No newline at end of file
+trust-policy: yes
+number: 18
diff --git a/p11-kit/tests/files/user-modules/one.module b/p11-kit/tests/files/user-modules/one.module
index 6f1a2e8..5197daf 100644
--- a/p11-kit/tests/files/user-modules/one.module
+++ b/p11-kit/tests/files/user-modules/one.module
@@ -1,3 +1,4 @@
setting: user1
-managed: yes
\ No newline at end of file
+managed: yes
+number: 33
diff --git a/p11-kit/tests/frob-setuid.c b/p11-kit/tests/frob-setuid.c
new file mode 100644
index 0000000..e546ece
--- /dev/null
+++ b/p11-kit/tests/frob-setuid.c
@@ -0,0 +1,95 @@
+/*
+ * Copyright (c) 2012 Red Hat Inc
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter <stefw@redhat.com>
+ */
+
+#include "config.h"
+
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "compat.h"
+#include "p11-kit.h"
+
+int
+main (void)
+{
+ CK_FUNCTION_LIST **modules;
+ CK_FUNCTION_LIST *module;
+ char *field;
+ char *name;
+ int ret;
+ int i;
+
+ /*
+ * Use 'chmod ug+s frob-setuid' to change this program
+ * and test the output with/without setuid or setgid.
+ */
+
+ putenv ("P11_KIT_STRICT=1");
+
+ modules = p11_kit_modules_load_and_initialize (0);
+ assert (modules != NULL);
+
+ /* This is a system configured module */
+ module = p11_kit_module_for_name (modules, "one");
+ assert (module != NULL);
+
+ field = p11_kit_config_option (module, "setting");
+ printf ("'setting' on module 'one': %s\n", field ? field : "(null)");
+
+ assert (field != NULL);
+ if (getauxval (AT_SECURE))
+ assert (strcmp (field, "system1") == 0);
+ else
+ assert (strcmp (field, "user1") == 0);
+
+ free (field);
+
+ for (i = 0; modules[i] != NULL; i++) {
+ name = p11_kit_module_get_name (modules[i]);
+ printf ("%s\n", name);
+ free (name);
+ }
+
+ field = p11_kit_config_option (module, "number");
+ printf ("'number' on module 'one': %s\n", field ? field : "(null)");
+
+ ret = atoi (field ? field : "0");
+ assert (ret != 0);
+ free (field);
+
+ p11_kit_modules_finalize_and_release (modules);
+ return ret;
+}
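Review bot: main() carries no comment stating the contract that test_setuid depends on: the process exit status is the `number` option of module 'one', which is 33 when the user config is read and 18 when only the system config is. I would add it above `main (void)`, for example `/* Exits with the 'number' option of module "one": 33 from user config, 18 from system config (setuid/setgid) */`. Because only the low 8 bits of an exit status reach the parent, the same comment should say that the values in the fixture files must stay within 1..255. getauxval is called without a `<sys/auxv.h>` include, so it presumably comes from `compat.h`; a short remark to that effect next to the include would save a reader the search.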
diff --git a/p11-kit/tests/test-conf.c b/p11-kit/tests/test-conf.c
index c214bac..3a94c12 100644
--- a/p11-kit/tests/test-conf.c
+++ b/p11-kit/tests/test-conf.c
@@ -46,6 +46,12 @@
#include "p11-kit.h"
#include "private.h"
+#ifdef OS_UNIX
+#include <sys/stat.h>
+#include <sys/wait.h>
+#include <unistd.h>
+#endif
+
static void
test_parse_conf_1 (void)
{
@@ -391,6 +397,36 @@ test_parse_boolean (void)
assert_num_eq (true, _p11_conf_parse_boolean ("!!!", true));
}
+#ifdef OS_UNIX
+
+static void
+test_setuid (void)
+{
+ const char *args[] = { BUILDDIR "/frob-setuid", NULL, };
+ char *path;
+ int ret;
+
+ /* This is the 'number' setting set in one.module user configuration. */
+ ret = p11_test_run_child (args, true);
+ assert_num_eq (ret, 33);
+
+ path = p11_test_copy_setgid (args[0]);
+ if (path == NULL)
+ return;
+
+ args[0] = path;
+
+ /* This is the 'number' setting set in one.module system configuration. */
+ ret = p11_test_run_child (args, true);
+ assert_num_eq (ret, 18);
+
+ if (unlink (path) < 0)
+ assert_fail ("unlink failed", strerror (errno));
+ free (path);
+}
+
+#endif /* OS_UNIX */
+
int
main (int argc,
char *argv[])
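Review bot: In test_setuid the setgid copy at `path` is removed only after `assert_num_eq (ret, 18)`, so if that assertion aborts the test (its failure behaviour is not visible here) a setgid executable is left behind in the build tree. Capture the child result first and clean up before asserting: `ret = p11_test_run_child (args, true);`, then the `unlink (path)` check and `free (path)`, then `assert_num_eq (ret, 18);`. The early `return` when `p11_test_copy_setgid` gives NULL also lets the test count as passed without ever exercising the privileged path; a comment such as `/* no setgid copy possible here: AT_SECURE path not tested */` or a skip message would make that visible. `strerror (errno)` needs `<string.h>` and `<errno.h>`, neither of which is added by this commit's include hunk, so they are presumably already included higher in the file.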
@@ -410,5 +446,8 @@ main (int argc,
p11_test (test_load_modules_user_only, "/conf/test_load_modules_user_only");
p11_test (test_load_modules_user_none, "/conf/test_load_modules_user_none");
p11_test (test_parse_boolean, "/conf/test_parse_boolean");
+#ifdef OS_UNIX
+ p11_test (test_setuid, "/conf/setuid");
+#endif
return p11_test_run (argc, argv);
}