Don't load configs from user directory when setuid

When running as setuid() or setgid() don't access the user's home
directory, or use $HOME environment variables.

https://bugzilla.redhat.com/show_bug.cgi?id=985014

6 files changed, 144 insertions, 2 deletions

diff --git a/p11-kit/conf.c b/p11-kit/conf.c
index e699e66..d29d9ec 100644
--- a/p11-kit/conf.c
+++ b/p11-kit/conf.c
@@ -227,6 +227,11 @@ _p11_conf_load_globals (const char *system_conf, const char *user_conf,
 		goto finished;
 	}
 
+	if (mode != CONF_USER_NONE && getauxval (AT_SECURE)) {
+		p11_debug ("skipping user config in setuid or setgid program");
+		mode = CONF_USER_NONE;
+	}
+
 	if (mode != CONF_USER_NONE) {
 		path = p11_path_expand (user_conf);
 		if (!path) {
diff --git a/p11-kit/tests/Makefile.am b/p11-kit/tests/Makefile.am
index 6963850..16ba280 100644
--- a/p11-kit/tests/Makefile.am
+++ b/p11-kit/tests/Makefile.am
@@ -40,6 +40,7 @@ endif
 
 noinst_PROGRAMS = \
 	print-messages \
+	frob-setuid \
 	$(CHECK_PROGS)
 
 TESTS = $(CHECK_PROGS)
diff --git a/p11-kit/tests/files/system-modules/one.module b/p11-kit/tests/files/system-modules/one.module
index 15cb7f2..5f49a8f 100644
--- a/p11-kit/tests/files/system-modules/one.module
+++ b/p11-kit/tests/files/system-modules/one.module
@@ -1,4 +1,5 @@
 
 module: mock-one.so
 setting: system1
-trust-policy: yes
\ No newline at end of file
+trust-policy: yes
+number: 18
diff --git a/p11-kit/tests/files/user-modules/one.module b/p11-kit/tests/files/user-modules/one.module
index 6f1a2e8..5197daf 100644
--- a/p11-kit/tests/files/user-modules/one.module
+++ b/p11-kit/tests/files/user-modules/one.module
@@ -1,3 +1,4 @@
 
 setting: user1
-managed: yes
\ No newline at end of file
+managed: yes
+number: 33
diff --git a/p11-kit/tests/frob-setuid.c b/p11-kit/tests/frob-setuid.c
new file mode 100644
index 0000000..e546ece
--- /dev/null
+++ b/p11-kit/tests/frob-setuid.c
@@ -0,0 +1,95 @@
+/*
+ * Copyright (c) 2012 Red Hat Inc
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *     * Redistributions of source code must retain the above
+ *       copyright notice, this list of conditions and the
+ *       following disclaimer.
+ *     * Redistributions in binary form must reproduce the
+ *       above copyright notice, this list of conditions and
+ *       the following disclaimer in the documentation and/or
+ *       other materials provided with the distribution.
+ *     * The names of contributors to this software may not be
+ *       used to endorse or promote products derived from this
+ *       software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter <stefw@redhat.com>
+ */
+
+#include "config.h"
+
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "compat.h"
+#include "p11-kit.h"
+
+int
+main (void)
+{
+	CK_FUNCTION_LIST **modules;
+	CK_FUNCTION_LIST *module;
+	char *field;
+	char *name;
+	int ret;
+	int i;
+
+	/*
+	 * Use 'chmod ug+s frob-setuid' to change this program
+	 * and test the output with/without setuid or setgid.
+	 */
+
+	putenv ("P11_KIT_STRICT=1");
+
+	modules = p11_kit_modules_load_and_initialize (0);
+	assert (modules != NULL);
+
+	/* This is a system configured module */
+	module = p11_kit_module_for_name (modules, "one");
+	assert (module != NULL);
+
+	field = p11_kit_config_option (module, "setting");
+	printf ("'setting' on module 'one': %s\n", field ? field : "(null)");
+
+	assert (field != NULL);
+	if (getauxval (AT_SECURE))
+		assert (strcmp (field, "system1") == 0);
+	else
+		assert (strcmp (field, "user1") == 0);
+
+	free (field);
+
+	for (i = 0; modules[i] != NULL; i++) {
+		name = p11_kit_module_get_name (modules[i]);
+		printf ("%s\n", name);
+		free (name);
+	}
+
+	field = p11_kit_config_option (module, "number");
+	printf ("'number' on module 'one': %s\n", field ? field : "(null)");
+
+	ret = atoi (field ? field : "0");
+	assert (ret != 0);
+	free (field);
+
+	p11_kit_modules_finalize_and_release (modules);
+	return ret;
+}
diff --git a/p11-kit/tests/test-conf.c b/p11-kit/tests/test-conf.c
index c214bac..3a94c12 100644
--- a/p11-kit/tests/test-conf.c
+++ b/p11-kit/tests/test-conf.c
@@ -46,6 +46,12 @@
 #include "p11-kit.h"
 #include "private.h"
 
+#ifdef OS_UNIX
+#include <sys/stat.h>
+#include <sys/wait.h>
+#include <unistd.h>
+#endif
+
 static void
 test_parse_conf_1 (void)
 {
@@ -391,6 +397,36 @@ test_parse_boolean (void)
 	assert_num_eq (true, _p11_conf_parse_boolean ("!!!", true));
 }
 
+#ifdef OS_UNIX
+
+static void
+test_setuid (void)
+{
+	const char *args[] = { BUILDDIR "/frob-setuid", NULL, };
+	char *path;
+	int ret;
+
+	/* This is the 'number' setting set in one.module user configuration. */
+	ret = p11_test_run_child (args, true);
+	assert_num_eq (ret, 33);
+
+	path = p11_test_copy_setgid (args[0]);
+	if (path == NULL)
+		return;
+
+	args[0] = path;
+
+	/* This is the 'number' setting set in one.module system configuration. */
+	ret = p11_test_run_child (args, true);
+	assert_num_eq (ret, 18);
+
+	if (unlink (path) < 0)
+		assert_fail ("unlink failed", strerror (errno));
+	free (path);
+}
+
+#endif /* OS_UNIX */
+
 int
 main (int argc,
       char *argv[])
@@ -410,5 +446,8 @@ main (int argc,
 	p11_test (test_load_modules_user_only, "/conf/test_load_modules_user_only");
 	p11_test (test_load_modules_user_none, "/conf/test_load_modules_user_none");
 	p11_test (test_parse_boolean, "/conf/test_parse_boolean");
+#ifdef OS_UNIX
+	p11_test (test_setuid, "/conf/setuid");
+#endif
 	return p11_test_run (argc, argv);
 }