autofs-5.1.0 - add a prefix to program map stdvars
From: Ian Kent <ikent@redhat.com>
When a program map uses an interpreted languages like python it's
possible to load and execute arbitray code from a user home directory.
This is because the standard environment variables are used to locate
and load modules when using these languages.
To avoid that we need to add a prefix to these environment names so
they aren't used for this purpose. The prefix used is "AUTOFS_" and
is not configurable.
---
CHANGELOG | 1
include/mounts.h | 4 +-
lib/mounts.c | 84 +++++++++++++++++++++++++++++++++++++++--------
modules/lookup_program.c | 2 -
modules/parse_sun.c | 8 ++--
5 files changed, 78 insertions(+), 21 deletions(-)
--- autofs-5.0.7.orig/CHANGELOG
+++ autofs-5.0.7/CHANGELOG
@@ -162,6 +162,7 @@
- make negative cache update consistent for all lookup modules.
- ensure negative cache isn't updated on remount.
- dont add wildcard to negative cache.
+- add a prefix to program map stdvars.
25/07/2012 autofs-5.0.7
=======================
--- autofs-5.0.7.orig/include/mounts.h
+++ autofs-5.0.7/include/mounts.h
@@ -87,8 +87,8 @@ extern unsigned int nfs_mount_uses_strin
struct amd_entry;
-struct substvar *addstdenv(struct substvar *sv);
-struct substvar *removestdenv(struct substvar *sv);
+struct substvar *addstdenv(struct substvar *sv, const char *prefix);
+struct substvar *removestdenv(struct substvar *sv, const char *prefix);
void add_std_amd_vars(struct substvar *sv);
void remove_std_amd_vars(void);
struct amd_entry *new_amd_entry(const struct substvar *sv);
--- autofs-5.0.7.orig/lib/mounts.c
+++ autofs-5.0.7/lib/mounts.c
@@ -32,6 +32,7 @@
#define MAX_OPTIONS_LEN 80
#define MAX_MNT_NAME_LEN 30
+#define MAX_ENV_NAME 15
#define EBUFSIZ 1024
@@ -328,7 +329,61 @@ int check_nfs_mount_version(struct nfs_m
}
#endif
-struct substvar *addstdenv(struct substvar *sv)
+static char *set_env_name(const char *prefix, const char *name, char *buf)
+{
+ size_t len;
+
+ len = strlen(name);
+ if (prefix)
+ len += strlen(prefix);
+ len++;
+
+ if (len > MAX_ENV_NAME)
+ return NULL;
+
+ if (!prefix)
+ strcpy(buf, name);
+ else {
+ strcpy(buf, prefix);
+ strcat(buf, name);
+ }
+ return buf;
+}
+
+static struct substvar *do_macro_addvar(struct substvar *list,
+ const char *prefix,
+ const char *name,
+ const char *val)
+{
+ char buf[MAX_ENV_NAME + 1];
+ char *new;
+ size_t len;
+
+ new = set_env_name(prefix, name, buf);
+ if (new) {
+ len = strlen(new);
+ list = macro_addvar(list, new, len, val);
+ }
+ return list;
+}
+
+static struct substvar *do_macro_removevar(struct substvar *list,
+ const char *prefix,
+ const char *name)
+{
+ char buf[MAX_ENV_NAME + 1];
+ char *new;
+ size_t len;
+
+ new = set_env_name(prefix, name, buf);
+ if (new) {
+ len = strlen(new);
+ list = macro_removevar(list, new, len);
+ }
+ return list;
+}
+
+struct substvar *addstdenv(struct substvar *sv, const char *prefix)
{
struct substvar *list = sv;
struct thread_stdenv_vars *tsv;
@@ -343,14 +398,14 @@ struct substvar *addstdenv(struct substv
num = (long) tsv->uid;
ret = sprintf(numbuf, "%ld", num);
if (ret > 0)
- list = macro_addvar(list, "UID", 3, numbuf);
+ list = do_macro_addvar(list, prefix, "UID", numbuf);
num = (long) tsv->gid;
ret = sprintf(numbuf, "%ld", num);
if (ret > 0)
- list = macro_addvar(list, "GID", 3, numbuf);
- list = macro_addvar(list, "USER", 4, tsv->user);
- list = macro_addvar(list, "GROUP", 5, tsv->group);
- list = macro_addvar(list, "HOME", 4, tsv->home);
+ list = do_macro_addvar(list, prefix, "GID", numbuf);
+ list = do_macro_addvar(list, prefix, "USER", tsv->user);
+ list = do_macro_addvar(list, prefix, "GROUP", tsv->group);
+ list = do_macro_addvar(list, prefix, "HOME", tsv->home);
mv = macro_findvar(list, "HOST", 4);
if (mv) {
char *shost = strdup(mv->val);
@@ -358,7 +413,8 @@ struct substvar *addstdenv(struct substv
char *dot = strchr(shost, '.');
if (dot)
*dot = '\0';
- list = macro_addvar(list, "SHOST", 5, shost);
+ list = do_macro_addvar(list,
+ prefix, "SHOST", shost);
free(shost);
}
}
@@ -366,16 +422,16 @@ struct substvar *addstdenv(struct substv
return list;
}
-struct substvar *removestdenv(struct substvar *sv)
+struct substvar *removestdenv(struct substvar *sv, const char *prefix)
{
struct substvar *list = sv;
- list = macro_removevar(list, "UID", 3);
- list = macro_removevar(list, "USER", 4);
- list = macro_removevar(list, "HOME", 4);
- list = macro_removevar(list, "GID", 3);
- list = macro_removevar(list, "GROUP", 5);
- list = macro_removevar(list, "SHOST", 5);
+ list = do_macro_removevar(list, prefix, "UID");
+ list = do_macro_removevar(list, prefix, "USER");
+ list = do_macro_removevar(list, prefix, "HOME");
+ list = do_macro_removevar(list, prefix, "GID");
+ list = do_macro_removevar(list, prefix, "GROUP");
+ list = do_macro_removevar(list, prefix, "SHOST");
return list;
}
--- autofs-5.0.7.orig/modules/lookup_program.c
+++ autofs-5.0.7/modules/lookup_program.c
@@ -181,7 +181,7 @@ static char *lookup_one(struct autofs_po
if (ctxt->mapfmt && strcmp(ctxt->mapfmt, "MAPFMT_DEFAULT")) {
struct parse_context *pctxt = (struct parse_context *) ctxt->parse->context;
/* Add standard environment as seen by sun map parser */
- pctxt->subst = addstdenv(pctxt->subst);
+ pctxt->subst = addstdenv(pctxt->subst, "AUTOFS_");
macro_setenv(pctxt->subst);
}
execl(ctxt->mapname, ctxt->mapname, name, NULL);
--- autofs-5.0.7.orig/modules/parse_sun.c
+++ autofs-5.0.7/modules/parse_sun.c
@@ -1214,12 +1214,12 @@ int parse_mount(struct autofs_point *ap,
pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cur_state);
macro_lock();
- ctxt->subst = addstdenv(ctxt->subst);
+ ctxt->subst = addstdenv(ctxt->subst, NULL);
mapent_len = expandsunent(mapent, NULL, name, ctxt->subst, slashify);
if (mapent_len == 0) {
error(ap->logopt, MODPREFIX "failed to expand map entry");
- ctxt->subst = removestdenv(ctxt->subst);
+ ctxt->subst = removestdenv(ctxt->subst, NULL);
macro_unlock();
pthread_setcancelstate(cur_state, NULL);
return 1;
@@ -1229,7 +1229,7 @@ int parse_mount(struct autofs_point *ap,
if (!pmapent) {
char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
logerr(MODPREFIX "alloca: %s", estr);
- ctxt->subst = removestdenv(ctxt->subst);
+ ctxt->subst = removestdenv(ctxt->subst, NULL);
macro_unlock();
pthread_setcancelstate(cur_state, NULL);
return 1;
@@ -1237,7 +1237,7 @@ int parse_mount(struct autofs_point *ap,
pmapent[mapent_len] = '\0';
expandsunent(mapent, pmapent, name, ctxt->subst, slashify);
- ctxt->subst = removestdenv(ctxt->subst);
+ ctxt->subst = removestdenv(ctxt->subst, NULL);
macro_unlock();
pthread_setcancelstate(cur_state, NULL);