rpms / iscsi-initiator-utils

Clone
Source Code
GIT

Blame SOURCES/open-iscsi-2.0.875-14-Check-for-root-peer-user-for-iscsiuio-IPC.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   cd0a22b6355382e0e04fb806a55dd837c9f0cef9
  2.   SOURCES
  3.   open-iscsi-2.0.875-14-Check-for-root-peer-user-for-iscsiuio-IPC.patch
Blob History Raw
e88930 
From e313bd648a4c8a9526421e270eb597a5de1e0c7f Mon Sep 17 00:00:00 2001
e88930 
From: Lee Duncan <lduncan@suse.com>
e88930 
Date: Fri, 15 Dec 2017 10:36:11 -0800
e88930 
Subject: [PATCH] Check for root peer user for iscsiuio IPC
e88930
e88930 
This fixes a possible vulnerability where a non-root
e88930 
process could connect with iscsiuio. Fouund by Qualsys.
e88930 
---
e88930 
 iscsiuio/src/unix/Makefile.am  |  3 ++-
e88930 
 iscsiuio/src/unix/iscsid_ipc.c | 47 ++++++++++++++++++++++++++++++++++
e88930 
 2 files changed, 49 insertions(+), 1 deletion(-)
e88930
e88930 
diff --git a/iscsiuio/src/unix/Makefile.am b/iscsiuio/src/unix/Makefile.am
e88930 
index 71d54633a764..a989ef029b59 100644
e88930 
--- a/iscsiuio/src/unix/Makefile.am
e88930 
+++ b/iscsiuio/src/unix/Makefile.am
e88930 
@@ -20,7 +20,8 @@ iscsiuio_SOURCES =	build_date.c		\
e88930 
 			nic_utils.c		\
e88930 
 			packet.c		\
e88930 
 			iscsid_ipc.c		\
e88930 
-			ping.c
e88930 
+			ping.c			\
e88930 
+			${top_srcdir}/../utils/sysdeps/sysdeps.c
e88930
e88930 
 iscsiuio_CFLAGS = 	$(AM_CFLAGS)		\
e88930 
 			$(LIBNL_CFLAGS)		\
e88930 
diff --git a/iscsiuio/src/unix/iscsid_ipc.c b/iscsiuio/src/unix/iscsid_ipc.c
e88930 
index 658362899234..64762654c523 100644
e88930 
--- a/iscsiuio/src/unix/iscsid_ipc.c
e88930 
+++ b/iscsiuio/src/unix/iscsid_ipc.c
e88930 
@@ -37,6 +37,8 @@
e88930 
  *
e88930 
  */
e88930
e88930 
+#define _GNU_SOURCE
e88930 
+
e88930 
 #include <errno.h>
e88930 
 #include <pthread.h>
e88930 
 #include <signal.h>
e88930 
@@ -47,6 +49,8 @@
e88930 
 #include <sys/socket.h>
e88930 
 #include <sys/time.h>
e88930 
 #include <sys/un.h>
e88930 
+#include <sys/types.h>
e88930 
+#include <pwd.h>
e88930
e88930 
 #define PFX "iscsi_ipc "
e88930
e88930 
@@ -61,6 +65,7 @@
e88930 
 #include "iscsid_ipc.h"
e88930 
 #include "uip.h"
e88930 
 #include "uip_mgmt_ipc.h"
e88930 
+#include "sysdeps.h"
e88930
e88930 
 #include "logger.h"
e88930 
 #include "uip.h"
e88930 
@@ -102,6 +107,7 @@ struct iface_rec_decode {
e88930 
 	uint16_t		mtu;
e88930 
 };
e88930
e88930 
+#define PEERUSER_MAX	64
e88930
e88930 
 /******************************************************************************
e88930 
  *  Globals
e88930 
@@ -1024,6 +1030,40 @@ static void iscsid_loop_close(void *arg)
e88930 
 	LOG_INFO(PFX "iSCSI daemon socket closed");
e88930 
 }
e88930
e88930 
+/*
e88930 
+ * check that the peer user is privilidged
e88930 
+ *
e88930 
+ * return 1 if peer is ok else 0
e88930 
+ *
e88930 
+ * XXX: this function is copied from iscsid_ipc.c and should be
e88930 
+ * moved into a common library
e88930 
+ */
e88930 
+static int
e88930 
+mgmt_peeruser(int sock, char *user)
e88930 
+{
e88930 
+	struct ucred peercred;
e88930 
+	socklen_t so_len = sizeof(peercred);
e88930 
+	struct passwd *pass;
e88930 
+
e88930 
+	errno = 0;
e88930 
+	if (getsockopt(sock, SOL_SOCKET, SO_PEERCRED, &peercred,
e88930 
+		&so_len) != 0 || so_len != sizeof(peercred)) {
e88930 
+		/* We didn't get a valid credentials struct. */
e88930 
+		LOG_ERR(PFX "peeruser_unux: error receiving credentials: %m");
e88930 
+		return 0;
e88930 
+	}
e88930 
+
e88930 
+	pass = getpwuid(peercred.uid);
e88930 
+	if (pass == NULL) {
e88930 
+		LOG_ERR(PFX "peeruser_unix: unknown local user with uid %d",
e88930 
+				(int) peercred.uid);
e88930 
+		return 0;
e88930 
+	}
e88930 
+
e88930 
+	strlcpy(user, pass->pw_name, PEERUSER_MAX);
e88930 
+	return 1;
e88930 
+}
e88930 
+
e88930 
 /**
e88930 
  *  iscsid_loop() - This is the function which will process the broadcast
e88930 
  *                  messages from iscsid
e88930 
@@ -1033,6 +1073,7 @@ static void *iscsid_loop(void *arg)
e88930 
 {
e88930 
 	int rc;
e88930 
 	sigset_t set;
e88930 
+	char user[PEERUSER_MAX];
e88930
e88930 
 	pthread_cleanup_push(iscsid_loop_close, arg);
e88930
e88930 
@@ -1072,6 +1113,12 @@ static void *iscsid_loop(void *arg)
e88930 
 			continue;
e88930 
 		}
e88930
e88930 
+		if (!mgmt_peeruser(iscsid_opts.fd, user) || strncmp(user, "root", PEERUSER_MAX)) {
e88930 
+			close(s2);
e88930 
+			LOG_ERR(PFX "Access error: non-administrative connection rejected");
e88930 
+			break;
e88930 
+		}
e88930 
+
e88930 
 		process_iscsid_broadcast(s2);
e88930 
 		close(s2);
e88930 
 	}
e88930 
--
e88930 
2.17.2
e88930

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation