|
 |
a60cd7 |
From 3bdf6305f6a8501a692e1a98f98e0be9d3922a1d Mon Sep 17 00:00:00 2001
|
|
|
a60cd7 |
From: Jakub Filak <jfilak@redhat.com>
|
|
|
a60cd7 |
Date: Wed, 20 May 2015 08:08:58 +0200
|
|
|
a60cd7 |
Subject: [ABRT PATCH] a-a-i-d-t-a-cache: don't open the build_ids file as abrt
|
|
|
a60cd7 |
|
|
|
a60cd7 |
Opening the build_ids file as abrt may lead to information disclosure.
|
|
|
a60cd7 |
|
|
|
a60cd7 |
Related: #1216962
|
|
|
a60cd7 |
|
|
|
a60cd7 |
Signed-off-by: Jakub Filak <jfilak@redhat.com>
|
|
|
a60cd7 |
---
|
|
|
a60cd7 |
.../abrt-action-install-debuginfo-to-abrt-cache.c | 30 +++++++++++++++++-----
|
|
|
a60cd7 |
1 file changed, 23 insertions(+), 7 deletions(-)
|
|
|
a60cd7 |
|
|
|
a60cd7 |
diff --git a/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c b/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c
|
|
|
a60cd7 |
index cd9ee7a..fafb0c4 100644
|
|
|
a60cd7 |
--- a/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c
|
|
|
a60cd7 |
+++ b/src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c
|
|
|
a60cd7 |
@@ -72,6 +72,11 @@ int main(int argc, char **argv)
|
|
|
a60cd7 |
};
|
|
|
a60cd7 |
const unsigned opts = parse_opts(argc, argv, program_options, program_usage_string);
|
|
|
a60cd7 |
|
|
|
a60cd7 |
+ const gid_t egid = getegid();
|
|
|
a60cd7 |
+ const gid_t rgid = getgid();
|
|
|
a60cd7 |
+ const uid_t euid = geteuid();
|
|
|
a60cd7 |
+ const gid_t ruid = getuid();
|
|
|
a60cd7 |
+
|
|
|
a60cd7 |
/* We need to open the build ids file under the caller's UID/GID to avoid
|
|
|
a60cd7 |
* information disclosures when reading files with changed UID.
|
|
|
a60cd7 |
* Unfortunately, we cannot replace STDIN with the new fd because ABRT uses
|
|
|
a60cd7 |
@@ -82,7 +87,20 @@ int main(int argc, char **argv)
|
|
|
a60cd7 |
char *build_ids_self_fd = NULL;
|
|
|
a60cd7 |
if (strcmp("-", build_ids) != 0)
|
|
|
a60cd7 |
{
|
|
|
a60cd7 |
+ if (setregid(egid, rgid) < 0)
|
|
|
a60cd7 |
+ perror_msg_and_die("setregid(egid, rgid)");
|
|
|
a60cd7 |
+
|
|
|
a60cd7 |
+ if (setreuid(euid, ruid) < 0)
|
|
|
a60cd7 |
+ perror_msg_and_die("setreuid(euid, ruid)");
|
|
|
a60cd7 |
+
|
|
|
a60cd7 |
const int build_ids_fd = open(build_ids, O_RDONLY);
|
|
|
a60cd7 |
+
|
|
|
a60cd7 |
+ if (setregid(rgid, egid) < 0)
|
|
|
a60cd7 |
+ perror_msg_and_die("setregid(rgid, egid)");
|
|
|
a60cd7 |
+
|
|
|
a60cd7 |
+ if (setreuid(ruid, euid) < 0 )
|
|
|
a60cd7 |
+ perror_msg_and_die("setreuid(ruid, euid)");
|
|
|
a60cd7 |
+
|
|
|
a60cd7 |
if (build_ids_fd < 0)
|
|
|
a60cd7 |
perror_msg_and_die("Failed to open file '%s'", build_ids);
|
|
|
a60cd7 |
|
|
|
a60cd7 |
@@ -118,14 +136,12 @@ int main(int argc, char **argv)
|
|
|
a60cd7 |
/* Switch real user/group to effective ones.
|
|
|
a60cd7 |
* Otherwise yum library gets confused - gets EPERM (why??).
|
|
|
a60cd7 |
*/
|
|
|
a60cd7 |
- gid_t g = getegid();
|
|
|
a60cd7 |
/* do setregid only if we have to, to not upset selinux needlessly */
|
|
|
a60cd7 |
- if (g != getgid())
|
|
|
a60cd7 |
- IGNORE_RESULT(setregid(g, g));
|
|
|
a60cd7 |
- uid_t u = geteuid();
|
|
|
a60cd7 |
- if (u != getuid())
|
|
|
a60cd7 |
+ if (egid != rgid)
|
|
|
a60cd7 |
+ IGNORE_RESULT(setregid(egid, egid));
|
|
|
a60cd7 |
+ if (euid != ruid)
|
|
|
a60cd7 |
{
|
|
|
a60cd7 |
- IGNORE_RESULT(setreuid(u, u));
|
|
|
a60cd7 |
+ IGNORE_RESULT(setreuid(euid, euid));
|
|
|
a60cd7 |
/* We are suid'ed! */
|
|
|
a60cd7 |
/* Prevent malicious user from messing up with suid'ed process: */
|
|
|
a60cd7 |
#if 1
|
|
|
a60cd7 |
@@ -179,7 +195,7 @@ int main(int argc, char **argv)
|
|
|
a60cd7 |
// abrt-action-install-debuginfo doesn't fail when spawning
|
|
|
a60cd7 |
// abrt-action-trim-files
|
|
|
a60cd7 |
char path_env[] = "PATH=/usr/sbin:/sbin:/usr/bin:/bin:"BIN_DIR":"SBIN_DIR;
|
|
|
a60cd7 |
- if (u != 0)
|
|
|
a60cd7 |
+ if (euid != 0)
|
|
|
a60cd7 |
strcpy(path_env, "PATH=/usr/bin:/bin:"BIN_DIR);
|
|
|
a60cd7 |
putenv(path_env);
|
|
|
a60cd7 |
|
|
|
a60cd7 |
--
|
|
|
a60cd7 |
1.8.3.1
|
|
|
a60cd7 |
|