author | Stef Walter <stef@thewalter.net> | 2013-07-17 11:57:02 +0200 |
---|---|---|
committer | Stef Walter <stef@thewalter.net> | 2013-07-18 08:45:57 +0200 |
commit | 936e4c229a4ed205e9981fc4f31acea063701b69 (patch) | |
tree | f6f9c7fcbee8a097e7b1abfad9c4bdd8552708cc /p11-kit | |
parent | 81a6e16539e5e4a27c55194ae095cc4a75d08ade (diff) |
Don't load configs from user directory when setuid
When running as setuid() or setgid() don't access the user's home
directory, or use $HOME environment variables.
https://bugzilla.redhat.com/show_bug.cgi?id=985014
Diffstat (limited to 'p11-kit')
-rw-r--r-- | p11-kit/conf.c | 5 | ||||
-rw-r--r-- | p11-kit/tests/Makefile.am | 1 | ||||
-rw-r--r-- | p11-kit/tests/files/system-modules/one.module | 3 | ||||
-rw-r--r-- | p11-kit/tests/files/user-modules/one.module | 3 | ||||
-rw-r--r-- | p11-kit/tests/frob-setuid.c | 95 | ||||
-rw-r--r-- | p11-kit/tests/test-conf.c | 39 |
6 files changed, 144 insertions, 2 deletions
diff --git a/p11-kit/conf.c b/p11-kit/conf.c index e699e66..d29d9ec 100644 --- a/p11-kit/conf.c +++ b/p11-kit/conf.c @@ -227,6 +227,11 @@ _p11_conf_load_globals (const char *system_conf, const char *user_conf, goto finished; } + if (mode != CONF_USER_NONE && getauxval (AT_SECURE)) { + p11_debug ("skipping user config in setuid or setgid program"); + mode = CONF_USER_NONE; + } + if (mode != CONF_USER_NONE) { path = p11_path_expand (user_conf); if (!path) { diff --git a/p11-kit/tests/Makefile.am b/p11-kit/tests/Makefile.am index 6963850..16ba280 100644 --- a/p11-kit/tests/Makefile.am +++ b/p11-kit/tests/Makefile.am @@ -40,6 +40,7 @@ endif noinst_PROGRAMS = \ print-messages \ + frob-setuid \ $(CHECK_PROGS) TESTS = $(CHECK_PROGS) diff --git a/p11-kit/tests/files/system-modules/one.module b/p11-kit/tests/files/system-modules/one.module index 15cb7f2..5f49a8f 100644 --- a/p11-kit/tests/files/system-modules/one.module +++ b/p11-kit/tests/files/system-modules/one.module @@ -1,4 +1,5 @@ module: mock-one.so setting: system1 -trust-policy: yes
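Review bot: The new `getauxval (AT_SECURE)` guard in `_p11_conf_load_globals` fails open when the value cannot be read, because getauxval() returns 0 both for a non-secure process and for a missing auxiliary-vector entry. This hunk adds no `<sys/auxv.h>` include, so the call presumably resolves through a compat declaration or fallback that is not visible here. Confirm that the fallback for platforms without getauxval compares real and effective ids, e.g. `getuid () != geteuid () || getgid () != getegid ()`, rather than returning 0. The hunk also only rewrites the local `mode`; if the caller loads per-module user configs from a mode this function hands back, check that the hand-back happens after this block. The function body starts and ends outside the hunk.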
\ No newline at end of file +trust-policy: yes +number: 18 diff --git a/p11-kit/tests/files/user-modules/one.module b/p11-kit/tests/files/user-modules/one.module index 6f1a2e8..5197daf 100644 --- a/p11-kit/tests/files/user-modules/one.module +++ b/p11-kit/tests/files/user-modules/one.module @@ -1,3 +1,4 @@ setting: user1 -managed: yes
\ No newline at end of file +managed: yes +number: 33 diff --git a/p11-kit/tests/frob-setuid.c b/p11-kit/tests/frob-setuid.c new file mode 100644 index 0000000..e546ece --- /dev/null +++ b/p11-kit/tests/frob-setuid.c 
@@ -0,0 +1,95 @@ +/* + * Copyright (c) 2012 Red Hat Inc + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. 
+ * + * Author: Stef Walter <stefw@redhat.com> + */ + +#include "config.h" + +#include <assert.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#include "compat.h" +#include "p11-kit.h" + +int +main (void) +{ + CK_FUNCTION_LIST **modules; + CK_FUNCTION_LIST *module; + char *field; + char *name; + int ret; + int i; + + /* + * Use 'chmod ug+s frob-setuid' to change this program + * and test the output with/without setuid or setgid. + */ + + putenv ("P11_KIT_STRICT=1"); + + modules = p11_kit_modules_load_and_initialize (0); + assert (modules != NULL); + + /* This is a system configured module */ + module = p11_kit_module_for_name (modules, "one"); + assert (module != NULL); + + field = p11_kit_config_option (module, "setting"); + printf ("'setting' on module 'one': %s\n", field ? field : "(null)"); + + assert (field != NULL); + if (getauxval (AT_SECURE)) + assert (strcmp (field, "system1") == 0); + else + assert (strcmp (field, "user1") == 0); + + free (field); + + for (i = 0; modules[i] != NULL; i++) { + name = p11_kit_module_get_name (modules[i]); + printf ("%s\n", name); + free (name); + } + + field = p11_kit_config_option (module, "number"); + printf ("'number' on module 'one': %s\n", field ? field : "(null)"); + + ret = atoi (field ? field : "0"); + assert (ret != 0); + free (field); + + p11_kit_modules_finalize_and_release (modules); + return ret; +} diff --git a/p11-kit/tests/test-conf.c b/p11-kit/tests/test-conf.c index c214bac..3a94c12 100644 --- a/p11-kit/tests/test-conf.c +++ b/p11-kit/tests/test-conf.c @@ -46,6 +46,12 @@ #include "p11-kit.h" #include "private.h" +#ifdef OS_UNIX +#include <sys/stat.h> +#include <sys/wait.h> +#include <unistd.h> +#endif + static void test_parse_conf_1 (void) { 
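Review bot: Every check in `main` of frob-setuid.c is an `assert`, so a build with NDEBUG would dereference `modules` and `module` unchecked and silently drop the `system1`/`user1` comparison, leaving the exit status as the only signal. That exit-status contract is undocumented in this file; a comment above `return ret;` such as `/* Exit status is the 'number' option of module 'one': 18 = system config, 33 = user config; checked by test_setuid in test-conf.c */` would tie the fixtures and the test together. `atoi` is fine for fixture data, but the fixture values have to stay below 256 to survive as an exit status.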
@@ -391,6 +397,36 @@ test_parse_boolean (void) assert_num_eq (true, _p11_conf_parse_boolean ("!!!", true)); } +#ifdef OS_UNIX + +static void +test_setuid (void) +{ + const char *args[] = { BUILDDIR "/frob-setuid", NULL, }; + char *path; + int ret; + + /* This is the 'number' setting set in one.module user configuration. */ + ret = p11_test_run_child (args, true); + assert_num_eq (ret, 33); + + path = p11_test_copy_setgid (args[0]); + if (path == NULL) + return; + + args[0] = path; + + /* This is the 'number' setting set in one.module system configuration. */ + ret = p11_test_run_child (args, true); + assert_num_eq (ret, 18); + + if (unlink (path) < 0) + assert_fail ("unlink failed", strerror (errno)); + free (path); +} + +#endif /* OS_UNIX */ + int main (int argc, char *argv[]) @@ -410,5 +446,8 @@ main (int argc, p11_test (test_load_modules_user_only, "/conf/test_load_modules_user_only"); p11_test (test_load_modules_user_none, "/conf/test_load_modules_user_none"); p11_test (test_parse_boolean, "/conf/test_parse_boolean"); +#ifdef OS_UNIX + p11_test (test_setuid, "/conf/setuid"); +#endif return p11_test_run (argc, argv); } |
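Review bot: In `test_setuid` the setgid copy is removed only after `assert_num_eq (ret, 18)`, so if that assertion does not return on failure (the harness is outside this hunk) a setgid binary stays behind in the build tree. Run the cleanup first: keep the result in `ret`, call `unlink (path)`, and only then assert on `ret`. The early `return` when `p11_test_copy_setgid` yields NULL also lets the test pass without exercising the setgid case at all, so a green run does not show that the AT_SECURE guard works; printing a skip message there would make that visible. The code uses `errno` and `strerror`, whose headers are not among the includes added in the earlier hunk and are presumably already included above it.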