fixed security issue

User can read only his debugdump directories
author: Zdenek Prikryl <zprikryl@redhat.com> 2009-06-30 09:14:12 +0200
committer: Zdenek Prikryl <zprikryl@redhat.com> 2009-06-30 09:14:12 +0200
commit: dcca51525ab4994cb8c1232e9698a534109288db (patch)
tree: bf514895323c86de40989b5bc73954f8515c151f /lib
parent: a0c9339e53a2e9c2d340aeecadd00fbc62e8443b (diff)
8 files changed, 87 insertions, 30 deletions
diff --git a/lib/Plugins/CCpp.cpp b/lib/Plugins/CCpp.cpp
index d7291ee..65dbd24 100644
--- a/lib/Plugins/CCpp.cpp
+++ b/lib/Plugins/CCpp.cpp
@@ -35,6 +35,7 @@
 #include <string.h>
 #include <iomanip>
 #include <grp.h>
+#include <pwd.h>
 
 #include <nss.h>
 #include <sechash.h>
@@ -358,6 +359,22 @@ void CAnalyzerCCpp::GetIndependentBuldIdPC(const std::string& pBuildIdPC, std::s
     }
 }
 
+gid_t CAnalyzerCCpp::GetGIDFromUID(const std::string& pUID)
+{
+    struct passwd* pw;
+
+    while (( pw = getpwent()) != NULL)
+    {
+        if (pw->pw_uid == atoi(pUID.c_str()))
+        {
+            setpwent();
+            return pw->pw_gid;
+        }
+    }
+    setpwent();
+    return -1;
+}
+
 void CAnalyzerCCpp::ExecVP(const char* pCommand, char* const pArgs[], const std::string& pUID, std::string& pOutput)
 {
     int pipeout[2];
@@ -365,7 +382,12 @@ void CAnalyzerCCpp::ExecVP(const char* pCommand, char* const pArgs[], const std:
     struct timeval delay;
     fd_set rsfd;
     pid_t child;
+    gid_t GID[1];
 
+    if ((GID[0] = GetGIDFromUID(pUID)) == -1)
+    {
+        CABRTException(EXCEP_PLUGIN, "CAnalyzerCCpp::ExecVP(): cannot get GUI for UID.");
+    }
     pipe(pipeout);
     fcntl(pipeout[1], F_SETFD, FD_CLOEXEC);
 
@@ -373,13 +395,10 @@ void CAnalyzerCCpp::ExecVP(const char* pCommand, char* const pArgs[], const std:
     m_Pid = child;
     if (child == -1)
     {
-        CABRTException(EXCEP_PLUGIN, "CAnalyzerCCpp::RunGdb():  fork failed.");
+        CABRTException(EXCEP_PLUGIN, "CAnalyzerCCpp::ExecVP(): fork failed.");
     }
     if(child == 0)
     {
-        gid_t GID[1];
-        GID[0] = atoi(pUID.c_str());
-
         close(STDIN_FILENO);
         close(STDOUT_FILENO);
         close(STDERR_FILENO);
diff --git a/lib/Plugins/CCpp.h b/lib/Plugins/CCpp.h
index 222bcbf..9503b22 100644
--- a/lib/Plugins/CCpp.h
+++ b/lib/Plugins/CCpp.h
@@ -37,6 +37,7 @@ class CAnalyzerCCpp : public CAnalyzer
 		void GetBacktrace(const std::string& pDebugDumpDir, std::string& pBacktrace);
 		void GetIndependentBacktrace(const std::string& pBacktrace, std::string& pIndependentBacktrace);
 		void GetIndependentBuldIdPC(const std::string& pBuildIdPC, std::string& pIndependentBuildIdPC);
+		gid_t GetGIDFromUID(const std::string& pUID);
 		void ExecVP(const char* pCommand, char* const pArgs[], const std::string& pUID, std::string& pOutput);
 		std::string CreateHash(const std::string& pInput);
 	public:
diff --git a/lib/Plugins/KerneloopsScanner.cpp b/lib/Plugins/KerneloopsScanner.cpp
index 855213b..cced147 100644
--- a/lib/Plugins/KerneloopsScanner.cpp
+++ b/lib/Plugins/KerneloopsScanner.cpp
@@ -60,9 +60,8 @@ void CKerneloopsScanner::SaveOopsToDebugDump()
 
         try
         {
-            m_pDebugDump.Create(m_sPath);
+            m_pDebugDump.Create(m_sPath, "0");
             m_pDebugDump.SaveText(FILENAME_ANALYZER, "Kerneloops");
-            m_pDebugDump.SaveText(FILENAME_UID, "0");
             m_pDebugDump.SaveText(FILENAME_EXECUTABLE, "kernel");
             m_pDebugDump.SaveText(FILENAME_KERNEL, m_pOops.m_sVersion);
             m_pDebugDump.SaveText(FILENAME_PACKAGE, "not_applicable");
diff --git a/lib/Python/PyABRTUtils.cpp b/lib/Python/PyABRTUtils.cpp
index 9ce5a38..e56ba07 100644
--- a/lib/Python/PyABRTUtils.cpp
+++ b/lib/Python/PyABRTUtils.cpp
@@ -59,7 +59,7 @@ typedef struct {
     PyObject_HEAD
     CDebugDump *obj;
 } PyCDebugDump;
-    
+
 
 extern PyTypeObject PyCDebugDump_Type;
 
@@ -74,7 +74,7 @@ static int
 _wrap_PyCDebugDump__tp_init(PyCDebugDump *self, PyObject *args, PyObject *kwargs)
 {
     const char *keywords[] = {NULL};
-    
+
     if (!PyArg_ParseTupleAndKeywords(args, kwargs, (char *) "", (char **) keywords)) {
         return -1;
     }
@@ -87,7 +87,7 @@ PyObject *
 _wrap_PyCDebugDump_Close(PyCDebugDump *self)
 {
     PyObject *py_retval;
-    
+
     self->obj->Close();
     Py_INCREF(Py_None);
     py_retval = Py_None;
@@ -100,9 +100,10 @@ _wrap_PyCDebugDump_Create(PyCDebugDump *self, PyObject *args, PyObject *kwargs)
 {
     PyObject *py_retval;
     char *pFilename2;
-    const char *keywords[] = {"pFilename", NULL};
-    
-    if (!PyArg_ParseTupleAndKeywords(args, kwargs, (char *) "s", (char **) keywords, &pFilename2)) {
+    char *pUID2;
+    const char *keywords[] = {"pFilename", "pUID", NULL};
+
+    if (!PyArg_ParseTupleAndKeywords(args, kwargs, (char *) "ss", (char **) keywords, &pFilename2, &pUID2)) {
         return NULL;
     }
     self->obj->Create(pFilename2);
@@ -119,7 +120,7 @@ _wrap_PyCDebugDump_SaveText(PyCDebugDump *self, PyObject *args, PyObject *kwargs
     char *pName2;
     char *pData2;
     const char *keywords[] = {"pName", "pData", NULL};
-    
+
     if (!PyArg_ParseTupleAndKeywords(args, kwargs, (char *) "ss", (char **) keywords, &pName2, &pData2)) {
         return NULL;
     }
@@ -148,7 +149,7 @@ _wrap_PyCDebugDump__tp_dealloc(PyCDebugDump *self)
 static PyObject*
 _wrap_PyCDebugDump__tp_richcompare (PyCDebugDump *self, PyCDebugDump *other, int opid)
 {
-    
+
     if (!PyObject_IsInstance((PyObject*) other, (PyObject*) &PyCDebugDump_Type)) {
         Py_INCREF(Py_NotImplemented);
         return Py_NotImplemented;
diff --git a/lib/Python/PyDebugDump.cpp b/lib/Python/PyDebugDump.cpp
index 9ce5a38..b45b84a 100644
--- a/lib/Python/PyDebugDump.cpp
+++ b/lib/Python/PyDebugDump.cpp
@@ -59,7 +59,7 @@ typedef struct {
     PyObject_HEAD
     CDebugDump *obj;
 } PyCDebugDump;
-    
+
 
 extern PyTypeObject PyCDebugDump_Type;
 
@@ -74,7 +74,7 @@ static int
 _wrap_PyCDebugDump__tp_init(PyCDebugDump *self, PyObject *args, PyObject *kwargs)
 {
     const char *keywords[] = {NULL};
-    
+
     if (!PyArg_ParseTupleAndKeywords(args, kwargs, (char *) "", (char **) keywords)) {
         return -1;
     }
@@ -87,7 +87,7 @@ PyObject *
 _wrap_PyCDebugDump_Close(PyCDebugDump *self)
 {
     PyObject *py_retval;
-    
+
     self->obj->Close();
     Py_INCREF(Py_None);
     py_retval = Py_None;
@@ -100,12 +100,13 @@ _wrap_PyCDebugDump_Create(PyCDebugDump *self, PyObject *args, PyObject *kwargs)
 {
     PyObject *py_retval;
     char *pFilename2;
-    const char *keywords[] = {"pFilename", NULL};
-    
-    if (!PyArg_ParseTupleAndKeywords(args, kwargs, (char *) "s", (char **) keywords, &pFilename2)) {
+    char *pUID2;
+    const char *keywords[] = {"pFilename", "pUID", NULL};
+
+    if (!PyArg_ParseTupleAndKeywords(args, kwargs, (char *) "ss", (char **) keywords, &pFilename2, &pUID2)) {
         return NULL;
     }
-    self->obj->Create(pFilename2);
+    self->obj->Create(pFilename2, pUID2);
     Py_INCREF(Py_None);
     py_retval = Py_None;
     return py_retval;
@@ -119,7 +120,7 @@ _wrap_PyCDebugDump_SaveText(PyCDebugDump *self, PyObject *args, PyObject *kwargs
     char *pName2;
     char *pData2;
     const char *keywords[] = {"pName", "pData", NULL};
-    
+
     if (!PyArg_ParseTupleAndKeywords(args, kwargs, (char *) "ss", (char **) keywords, &pName2, &pData2)) {
         return NULL;
     }
@@ -148,7 +149,7 @@ _wrap_PyCDebugDump__tp_dealloc(PyCDebugDump *self)
 static PyObject*
 _wrap_PyCDebugDump__tp_richcompare (PyCDebugDump *self, PyCDebugDump *other, int opid)
 {
-    
+
     if (!PyObject_IsInstance((PyObject*) other, (PyObject*) &PyCDebugDump_Type)) {
         Py_INCREF(Py_NotImplemented);
         return Py_NotImplemented;
diff --git a/lib/Utils/DebugDump.cpp b/lib/Utils/DebugDump.cpp
index 0ac9d79..9d40e35 100644
--- a/lib/Utils/DebugDump.cpp
+++ b/lib/Utils/DebugDump.cpp
@@ -36,6 +36,8 @@
 #include <unistd.h>
 #include <magic.h>
 #include <string.h>
+#include <pwd.h>
+#include <stdlib.h>
 
 #include "CommLayerInner.h"
 #pragma weak comm_layer_inner_debug
@@ -174,7 +176,26 @@ void CDebugDump::UnLock()
     }
 }
 
-void CDebugDump::Create(const std::string& pDir)
+std::string CDebugDump::GetGIDFromUID(const std::string& pUID)
+{
+    std::stringstream ret;
+    struct passwd* pw;
+    while (( pw = getpwent()) != NULL)
+    {
+        if (pw->pw_uid == atoi(pUID.c_str()))
+        {
+            ret << pw->pw_gid;
+        }
+    }
+    setpwent();
+    if (ret.str() == "")
+    {
+        ret << "-1";
+    }
+    return ret.str();
+}
+
+void CDebugDump::Create(const std::string& pDir, const std::string& pUID)
 {
     if (m_bOpened)
     {
@@ -182,7 +203,6 @@ void CDebugDump::Create(const std::string& pDir)
     }
 
     m_sDebugDumpDir = RemoveBackSlashes(pDir);
-    std::string lockPath = m_sDebugDumpDir + ".lock";
     if (ExistFileDir(m_sDebugDumpDir))
     {
         throw CABRTException(EXCEP_DD_OPEN, "CDebugDump::CDebugDump(): "+m_sDebugDumpDir+" already exists.");
@@ -191,12 +211,27 @@ void CDebugDump::Create(const std::string& pDir)
     Lock();
     m_bOpened = true;
 
-    if (mkdir(m_sDebugDumpDir.c_str(), 0755) == -1)
+    if (mkdir(m_sDebugDumpDir.c_str(), 0700) == -1)
+    {
+        UnLock();
+        m_bOpened = false;
+        throw CABRTException(EXCEP_DD_OPEN, "CDebugDump::Create(): Cannot create dir: " + pDir);
+    }
+    if (chmod(m_sDebugDumpDir.c_str(), 0700) == -1)
+    {
+        UnLock();
+        m_bOpened = false;
+        throw CABRTException(EXCEP_DD_OPEN, "CDebugDump::Create(): Cannot change permissions, dir: " + pDir);
+    }
+    std::string GID = GetGIDFromUID(pUID);
+    if (chown(m_sDebugDumpDir.c_str(), atoi(pUID.c_str()), atoi(GID.c_str())) == -1)
     {
         UnLock();
-        throw CABRTException(EXCEP_DD_OPEN, "CDebugDump::Create():m_sDebugDumpDir Cannot create dir: " + pDir);
+        m_bOpened = false;
+        throw CABRTException(EXCEP_DD_OPEN, "CDebugDump::Create(): Cannot change ownership, dir: " + pDir);
     }
 
+    SaveText(FILENAME_UID, pUID);
     SaveKernelArchitectureRelease();
     SaveTime();
 }
diff --git a/lib/Utils/DebugDump.h b/lib/Utils/DebugDump.h
index 9878075..3b47956 100644
--- a/lib/Utils/DebugDump.h
+++ b/lib/Utils/DebugDump.h
@@ -66,12 +66,12 @@ class CDebugDump
         bool IsTextFile(const std::string& pName);
 
         std::string RemoveBackSlashes(const std::string& pDir);
-
+        std::string GetGIDFromUID(const std::string& pUID);
     public:
 
         CDebugDump();
         void Open(const std::string& pDir);
-        void Create(const std::string& pDir);
+        void Create(const std::string& pDir, const std::string& pUID);
         void Delete();
         void Close();
 
diff --git a/lib/Utils/Makefile.am b/lib/Utils/Makefile.am
index b29a85b..0412e7e 100644
--- a/lib/Utils/Makefile.am
+++ b/lib/Utils/Makefile.am
@@ -5,4 +5,5 @@ libABRTUtils_la_LIBADD = -lmagic
 libABRTUtils_la_CPPFLAGS = -I$(srcdir)/../../inc -I$(srcdir)/../../lib/CommLayer
 
 install-data-local:
-	$(mkdir_p) '$(DESTDIR)/$(DEBUG_DUMPS_DIR)'
-\ No newline at end of file
+	$(mkdir_p) '$(DESTDIR)/$(DEBUG_DUMPS_DIR)'
+	chmod 1777 '$(DESTDIR)/$(DEBUG_DUMPS_DIR)'
author	Zdenek Prikryl <zprikryl@redhat.com>	2009-06-30 09:14:12 +0200
committer	Zdenek Prikryl <zprikryl@redhat.com>	2009-06-30 09:14:12 +0200
commit	dcca51525ab4994cb8c1232e9698a534109288db (patch)
tree	bf514895323c86de40989b5bc73954f8515c151f /lib
parent	a0c9339e53a2e9c2d340aeecadd00fbc62e8443b (diff)