-rw-r--r-- | ChangeLog | 11 | ||||
-rwxr-xr-x | stap-client | 58 | ||||
-rwxr-xr-x | stap-gen-server-cert | 13 | ||||
-rwxr-xr-x | stap-serverd | 199 |
4 files changed, 250 insertions, 31 deletions
@@ -9,11 +9,18 @@ ahavi has provided the host name. Don't check that avahi has provided the ip address. Pass the host name to send_receive. (send_receive): Change the name of our host to 'localhost' here. + (check_db): Add recommended (but not fatal) access permission checks. + (check_db_file): Likewise. + * stap-gen-server-cert: Create the certificate database and the + certificate file with the recommended access permissions. + * stap-server (initialization): Call check_db to check the security of + the chosen certificate database. + (check_db,check_db_file,check_cert_file,warning): New functions. 2009-01-28 Dave Brolley <brolley@redhat.com> - * stap-client (initialization): Call check_db to check the security of the - default certificate databases. Initialize find_all. + * stap-client (initialization): Call check_db to check the security of + the default certificate databases. Initialize find_all. (parse_options): Handle the --server option. (process_server): New function. (process_ssl): Call check_db to check the security of the specified diff --git a/stap-client b/stap-client index 93305ff5..d69b6474 100755 --- a/stap-client +++ b/stap-client 
@@ -843,33 +843,42 @@ function check_db {
 fi
 # Check that we can read the directory
- if ! test -r $file; then
+ if ! test -r $dir; then
 warning "Certificate database '$dir' is not readble"
 rc=1
 fi
 # Check the access permissions of the directory
 local perm=0`stat -c "%a" $dir`
-# if test $((($perm & 0400) == 0400)) = 0; then
-# warning "Certificate database '$dir' must be readable by the owner"
-# rc=1
-# fi
-# if test $((($perm & 0200) == 0200)) = 0; then
-# warning "Certificate database '$dir' must be writeable by the owner"
-# rc=1
-# fi
-# if test $((($perm & 0100) == 0100)) = 0; then
-# warning "Certificate database '$dir' must be searchable by the owner"
-# rc=1
-# fi
+ if test $((($perm & 0400) == 0400)) = 0; then
+ warning "Certificate database '$dir' should be readable by the owner"
+ fi
+ if test $((($perm & 0200) == 0200)) = 0; then
+ warning "Certificate database '$dir' should be writeable by the owner"
+ fi
+ if test $((($perm & 0100) == 0100)) = 0; then
+ warning "Certificate database '$dir' should be searchable by the owner"
+ fi
+ if test $((($perm & 0040) == 0040)) = 0; then
+ warning "Certificate database '$dir' should be readable by the group"
+ fi
 if test $((($perm & 0020) == 0020)) = 1; then
 warning "Certificate database '$dir' must not be writable by the group"
 rc=1
 fi
+ if test $((($perm & 0010) == 0010)) = 0; then
+ warning "Certificate database '$dir' should be searchable by the group"
+ fi
+ if test $((($perm & 0004) == 0004)) = 0; then
+ warning "Certificate database '$dir' should be readable by others"
+ fi
 if test $((($perm & 0002) == 0002)) = 1; then
 warning "Certificate database '$dir' must not be writable by others"
 rc=1
 fi
+ if test $((($perm & 0001) == 0001)) = 0; then
+ warning "Certificate database '$dir' should be searchable by others"
+ fi
 # Now check the permissions of the critical files.
 check_db_file $dir/cert8.db || rc=1
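Review bot: The new directory checks only look at the mode bits from `stat -c "%a"` and never at who owns `$dir`; a database that is not group- or world-writable but is owned by some other account is still under that account's control, and the same gap applies to the `check_db_file` hunks below and to the new `check_db`, `check_db_file` and `check_cert_file` in stap-serverd. An owner check next to the mode check would close it, e.g. `if test "`stat -c %u $dir`" != "`id -u`"; then warning "Certificate database '$dir' is not owned by the current user"; rc=1; fi`, though whether root-owned system databases must also be accepted depends on how the default paths are installed, which is not visible here. `$dir` is also unquoted in every `test` and `stat` call, so a path containing whitespace turns these checks into shell errors rather than warnings; `"$dir"` is cheap. The enclosing `check_db` starts and ends outside this hunk.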
@@ -883,7 +892,7 @@ function check_db {
 # function: check_db_file FILENAME
 #
-# Check the security of the given database directory.
+# Check the security of the given database file.
 function check_db_file {
 local file=$1
 local rc=0
@@ -906,18 +915,19 @@ function check_db_file {
 # Check the access permissions of the file
 local perm=0`stat -c "%a" $file`
-# if test $((($perm & 0400) == 0400)) = 0; then
-# warning "Certificate database file '$file' must be readable by the owner"
-# rc=1
-# fi
-# if test $((($perm & 0200) == 0200)) = 0; then
-# warning "Certificate database file '$file' must be writeable by the owner"
-# rc=1
-# fi
+ if test $((($perm & 0400) == 0400)) = 0; then
+ warning "Certificate database file '$file' should be readable by the owner"
+ fi
+ if test $((($perm & 0200) == 0200)) = 0; then
+ warning "Certificate database file '$file' should be writeable by the owner"
+ fi
 if test $((($perm & 0100) == 0100)) = 1; then
 warning "Certificate database file '$file' must not be executable by the owner"
 rc=1
 fi
+ if test $((($perm & 0040) == 0040)) = 0; then
+ warning "Certificate database file '$file' should be readable by the group"
+ fi
 if test $((($perm & 0020) == 0020)) = 1; then
 warning "Certificate database file '$file' must not be writable by the group"
 rc=1
@@ -926,6 +936,9 @@ function check_db_file {
 warning "Certificate database file '$file' must not be executable by the group"
 rc=1
 fi
+ if test $((($perm & 0004) == 0004)) = 0; then
+ warning "Certificate database file '$file' should be readable by others"
+ fi
 if test $((($perm & 0002) == 0002)) = 1; then
 warning "Certificate database file '$file' must not be writable by others"
 rc=1
@@ -937,6 +950,7 @@ function check_db_file {
 return $rc
 }
+
 # function: warning [ MESSAGE ]
 #
 # Warning error
diff --git a/stap-gen-server-cert b/stap-gen-server-cert
index f6445d8d..9b4a776b 100755
--- a/stap-gen-server-cert
+++ b/stap-gen-server-cert
@@ -43,7 +43,7 @@ rm -fr $1
 # Create the server's certificate database directory.
 serverdb=$1/server
-if ! mkdir -p $serverdb; then
+if ! mkdir -p -m 755 $serverdb; then
 echo "Unable to create the server certificate database directory: $serverdb" >&2
 exit 1
 fi
@@ -73,6 +73,12 @@ dd bs=123 count=1 < /dev/urandom > $1/noise 2> /dev/null
 certutil -R -d $serverdb -f $serverdb/pw -s "CN=Systemtap Compile Server, OU=Systemtap, O=Red Hat, C=US" -o $1/stap-server.req -z $1/noise 2> /dev/null
 rm -fr $1/noise
+# Create the certificate file first so that it always has the proper access permissions.
+if ! (touch $serverdb/stap-server.cert && chmod 644 $serverdb/stap-server.cert); then
+ echo "Unable to create the server certificate file: $serverdb/stap-server.cert" >&2
+ exit 1
+fi
+
 # Now generate the actual certificate.
 certutil -C -i $1/stap-server.req -o $serverdb/stap-server.cert -x -d $serverdb -f $serverdb/pw -5 -8 "$HOSTNAME,localhost" >/dev/null <<-EOF
 1
@@ -83,10 +89,5 @@ y
 EOF
 rm -fr $1/stap-server.req
-# Ensure that the certificate is readable by others.
-if ! chmod +r $serverdb/stap-server.cert; then
- echo "Warning: unable to make the server's certificate $serverdb/stap-server.cert readable by others" >&2
-fi
-
 # Add the certificate to the server's certificate/key database as a trusted peer, ssl server and object signer
 certutil -A -n stap-server -t "PCu,,PCu" -i $serverdb/stap-server.cert -d $serverdb -f $serverdb/pw
diff --git a/stap-serverd b/stap-serverd
index 1c227e6c..818e3ec3 100755
--- a/stap-serverd
+++ b/stap-serverd
@@ -58,6 +58,10 @@ function initialization {
 fi
 fi
 fi
+
+ # Check the security of the database.
+ check_db $ssl_db
+
 nss_pw=$ssl_db/pw
 nss_cert=stap-server
 }
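Review bot: Pre-creating `$serverdb/stap-server.cert` with `chmod 644` only keeps those bits if `certutil -C -o` writes into the existing inode; if it unlinks and recreates its output file, the mode reverts to the umask, and with the trailing `chmod +r` removed in the third hunk nothing corrects it afterwards. Unless certutil's behaviour here is known, keep a post-generation step after the `certutil -C` heredoc, e.g. `chmod 644 $serverdb/stap-server.cert || { echo "Unable to set permissions on $serverdb/stap-server.cert" >&2; exit 1; }`, or run the script under an explicit `umask 022` so every file it creates gets the intended mode. Note also that `mkdir -p -m 755` in the first hunk applies the mode only to the final path component; any intermediate directories it creates get umask-derived permissions, which `check_db` in stap-serverd does not inspect.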
@@ -88,12 +92,205 @@ function listen {
 wait '%$exec_prefix/stap-server-connect' >/dev/null 2>&1
 }
+# function: check_db DBNAME
+#
+# Check the security of the given database directory.
+function check_db {
+ local dir=$1
+ local rc=0
+
+ # Check that we have been given a directory
+ if ! test -e $dir; then
+ warning "Certificate database '$dir' does not exist"
+ return 1
+ fi
+ if ! test -d $dir; then
+ warning "Certificate database '$dir' is not a directory"
+ return 1
+ fi
+
+ # Check that we can read the directory
+ if ! test -r $dir; then
+ warning "Certificate database '$dir' is not readble"
+ rc=1
+ fi
+
+ # Check the access permissions of the directory
+ local perm=0`stat -c "%a" $dir`
+ if test $((($perm & 0400) == 0400)) = 0; then
+ warning "Certificate database '$dir' should be readable by the owner"
+ fi
+ if test $((($perm & 0200) == 0200)) = 0; then
+ warning "Certificate database '$dir' should be writeable by the owner"
+ fi
+ if test $((($perm & 0100) == 0100)) = 0; then
+ warning "Certificate database '$dir' should be searchable by the owner"
+ fi
+ if test $((($perm & 0040) == 0040)) = 0; then
+ warning "Certificate database '$dir' should be readable by the group"
+ fi
+ if test $((($perm & 0020) == 0020)) = 1; then
+ warning "Certificate database '$dir' must not be writable by the group"
+ rc=1
+ fi
+ if test $((($perm & 0010) == 0010)) = 0; then
+ warning "Certificate database '$dir' should be searchable by the group"
+ fi
+ if test $((($perm & 0004) == 0004)) = 0; then
+ warning "Certificate database '$dir' should be readable by others"
+ fi
+ if test $((($perm & 0002) == 0002)) = 1; then
+ warning "Certificate database '$dir' must not be writable by others"
+ rc=1
+ fi
+ if test $((($perm & 0001) == 0001)) = 0; then
+ warning "Certificate database '$dir' should be searchable by others"
+ fi
+
+ # Now check the permissions of the critical files.
+ check_db_file $dir/cert8.db || rc=1
+ check_db_file $dir/key3.db || rc=1
+ check_db_file $dir/secmod.db || rc=1
+ check_db_file $dir/pw || rc=1
+ check_cert_file $dir/stap-server.cert || rc=1
+
+ test $rc = 1 && fatal "Unable to use certificate database '$dir' due to errors"
+
+ return $rc
+}
+
+# function: check_db_file FILENAME
+#
+# Check the security of the given database file.
+function check_db_file {
+ local file=$1
+ local rc=0
+
+ # Check that we have been given a file
+ if ! test -e $file; then
+ warning "Certificate database file '$file' does not exist"
+ return 1
+ fi
+ if ! test -f $file; then
+ warning "Certificate database file '$file' is not a regular file"
+ return 1
+ fi
+
+ # Check that we can read the file
+ if ! test -r $file; then
+ warning "Certificate database file '$file' is not readble"
+ rc=1
+ fi
+
+ # Check the access permissions of the file
+ local perm=0`stat -c "%a" $file`
+ if test $((($perm & 0400) == 0400)) = 0; then
+ warning "Certificate database file '$file' should be readable by the owner"
+ fi
+ if test $((($perm & 0200) == 0200)) = 0; then
+ warning "Certificate database file '$file' should be writeable by the owner"
+ fi
+ if test $((($perm & 0100) == 0100)) = 1; then
+ warning "Certificate database file '$file' must not be executable by the owner"
+ rc=1
+ fi
+ if test $((($perm & 0040) == 0040)) = 1; then
+ warning "Certificate database file '$file' must not be readable by the group"
+ rc=1
+ fi
+ if test $((($perm & 0020) == 0020)) = 1; then
+ warning "Certificate database file '$file' must not be writable by the group"
+ rc=1
+ fi
+ if test $((($perm & 0010) == 0010)) = 1; then
+ warning "Certificate database file '$file' must not be executable by the group"
+ rc=1
+ fi
+ if test $((($perm & 0004) == 0004)) = 1; then
+ warning "Certificate database file '$file' must not be readable by others"
+ rc=1
+ fi
+ if test $((($perm & 0002) == 0002)) = 1; then
+ warning "Certificate database file '$file' must not be writable by others"
+ rc=1
+ fi
+ if test $((($perm & 0001) == 0001)) = 1; then
+ warning "Certificate database file '$file' must not be executable by others"
+ rc=1
+ fi
+
+ return $rc
+}
+
+# function: check_db_file FILENAME
+#
+# Check the security of the given database file.
+function check_cert_file {
+ local file=$1
+ local rc=0
+
+ # Check that we have been given a file
+ if ! test -e $file; then
+ warning "Certificate database file '$file' does not exist"
+ return 1
+ fi
+ if ! test -f $file; then
+ warning "Certificate database file '$file' is not a regular file"
+ return 1
+ fi
+
+ # Check the access permissions of the file
+ local perm=0`stat -c "%a" $file`
+ if test $((($perm & 0400) == 0400)) = 0; then
+ warning "Certificate file '$file' should be readable by the owner"
+ fi
+ if test $((($perm & 0200) == 0200)) = 0; then
+ warning "Certificate file '$file' should be writeable by the owner"
+ fi
+ if test $((($perm & 0100) == 0100)) = 1; then
+ warning "Certificate file '$file' must not be executable by the owner"
+ rc=1
+ fi
+ if test $((($perm & 0040) == 0040)) = 0; then
+ warning "Certificate file '$file' should be readable by the group"
+ fi
+ if test $((($perm & 0020) == 0020)) = 1; then
+ warning "Certificate file '$file' must not be writable by the group"
+ rc=1
+ fi
+ if test $((($perm & 0010) == 0010)) = 1; then
+ warning "Certificate file '$file' must not be executable by the group"
+ rc=1
+ fi
+ if test $((($perm & 0004) == 0004)) = 0; then
+ warning "Certificate file '$file' should be readable by others"
+ fi
+ if test $((($perm & 0002) == 0002)) = 1; then
+ warning "Certificate file '$file' must not be writable by others"
+ rc=1
+ fi
+ if test $((($perm & 0001) == 0001)) = 1; then
+ warning "Certificate file '$file' must not be executable by others"
+ rc=1
+ fi
+
+ return $rc
+}
+
+# function: warning [ MESSAGE ]
+#
+# Warning error
+# Prints its arguments to stderr
+function warning {
+ echo "$0: WARNING:" "$@" >&2
+}
+
 # function: fatal [ MESSAGE ]
 #
 # Fatal error
 # Prints its arguments to stderr and exits
 function fatal {
- echo "$@" >&2
+ echo "$0: FATAL:" "$@" >&2
 terminate
 exit 1
 } |
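Review bot: The header comment above `check_cert_file` still reads `# function: check_db_file FILENAME`, and its two existence checks report `Certificate database file '$file' does not exist` / `... is not a regular file` although every other message in that function says `Certificate file`; the comment should be `# function: check_cert_file FILENAME` and those two messages `Certificate file '$file' ...`, since the text is what an operator greps for when the server refuses to start. `check_cert_file` also omits the `test -r $file` readability check that `check_db_file` performs before reading the mode, so an unreadable certificate is not reported here but surfaces later when `certutil` runs. The new warnings in `check_db` and `check_db_file` spell "readble"; `readable` is what the neighbouring messages use. `fatal` calls `terminate`, which is defined outside this hunk, before `exit 1`, so a `check_db` failure during `initialization` relies on `terminate` being safe to call at that point.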