setuid safeness - ensure if an app that is setuid doesn't do bad things
authorCarsten Haitzler (Rasterman) <raster@rasterman.com>
Wed, 8 Jan 2014 11:32:27 +0000 (20:32 +0900)
committerCarsten Haitzler (Rasterman) <raster@rasterman.com>
Wed, 8 Jan 2014 11:33:09 +0000 (20:33 +0900)
this makes efl ignore certain env vars for things and entirely removes
user modules (that no one ever used) etc. etc. to ensure that *IF* an
app is setuid, there isn't a priv escalation path that is easy.

src/lib/elm_cnp.c
src/lib/elm_config.c
src/lib/elm_conform.c
src/lib/elm_module.c
src/lib/elm_url.c

index f0464fb..0d8deab 100644 (file)
@@ -3508,13 +3508,13 @@ _tempfile_new(int size)
 {
 #ifdef HAVE_MMAN_H
    Tmp_Info *info;
-   const char *tmppath;
+   const char *tmppath = NULL;
    mode_t cur_umask;
    int len;
 
    info = calloc(1, sizeof(Tmp_Info));
    if (!info) return NULL;
-   tmppath = getenv("TMP");
+   if (getuid() == getuid()) tmppath = getenv("TMP");
    if (!tmppath) tmppath = P_tmpdir;
    len = snprintf(NULL, 0, "%s/%sXXXXXX", tmppath, "elmcnpitem-");
    if (len < 0) goto on_error;
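Review bot: The added guard `if (getuid() == getuid())` compares the real uid with itself, so it is always true and `TMP` is still taken from the environment when the process is setuid. The check needs the effective uid, `if (getuid() == geteuid()) tmppath = getenv("TMP");`, and a setgid binary would additionally need `getgid() == getegid()`. The same tautology appears in the `_elm_config_user_dir_snprintf` hunk, where it makes the new `else` branch unreachable, and in the `elm_url_download` hunk, where the proxy variables are still honoured. `_tempfile_new` continues past the end of this hunk.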
index 17a7bdc..502eef9 100644 (file)
@@ -8,6 +8,7 @@
 
 #include <Elementary.h>
 #include "elm_priv.h"
+#include <pwd.h>
 
 EAPI int ELM_EVENT_CONFIG_ALL_CHANGED = 0;
 
@@ -508,7 +509,7 @@ _elm_config_user_dir_snprintf(char       *dst,
                               ...)
 {
    const char *home = NULL;
-   size_t user_dir_len, off;
+   size_t user_dir_len = 0, off = 0;
    va_list ap;
 
 #ifdef _WIN32
@@ -517,28 +518,47 @@ _elm_config_user_dir_snprintf(char       *dst,
      (dst, size, '/', home, strlen(home),
          ELEMENTARY_BASE_DIR, sizeof(ELEMENTARY_BASE_DIR) - 1);
 #else
-#ifdef DOXDG
-   home = getenv("XDG_CONFIG_HOME");
-   if (home)
+   if (getuid() == getuid())
      {
-        user_dir_len = eina_str_join_len
-          (dst, size, '/', home, strlen(home),
-              "elementary", sizeof("elementary") - 1);
+#ifdef DOXDG
+        home = getenv("XDG_CONFIG_HOME");
+        if (home)
+          {
+             user_dir_len = eina_str_join_len
+             (dst, size, '/', home, strlen(home),
+                 "elementary", sizeof("elementary") - 1);
+          }
+        else
+#endif
+          {
+             home = getenv("HOME");
+             if (!home) home = "/";
+#ifdef DOXDG
+             user_dir_len = eina_str_join_len
+             (dst, size, '/', home, strlen(home),
+                 ".config", sizeof(".config") - 1,
+                 "elementary", sizeof("elementary") - 1);
+#else
+             user_dir_len = eina_str_join_len
+             (dst, size, '/', home, strlen(home),
+                 ELEMENTARY_BASE_DIR, sizeof(ELEMENTARY_BASE_DIR) - 1);
+#endif
+          }
      }
    else
-#endif
      {
-        home = getenv("HOME");
-        if (!home) home = "/";
+        struct passwd *pw = getpwent();
+
+        if ((!pw) || (!pw->pw_dir)) goto end;
 #ifdef DOXDG
         user_dir_len = eina_str_join_len
-          (dst, size, '/', home, strlen(home),
-              ".config", sizeof(".config") - 1,
-              "elementary", sizeof("elementary") - 1);
+          (dst, size, '/', pw->pw_dir, strlen(pw->pw_dir),
+           ".config", sizeof(".config") - 1,
+           "elementary", sizeof("elementary") - 1);
 #else
         user_dir_len = eina_str_join_len
-          (dst, size, '/', home, strlen(home),
-              ELEMENTARY_BASE_DIR, sizeof(ELEMENTARY_BASE_DIR) - 1);
+          (dst, size, '/', pw->pw_dir, strlen(pw->pw_dir),
+           ELEMENTARY_BASE_DIR, sizeof(ELEMENTARY_BASE_DIR) - 1);
 #endif
      }
 #endif
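Review bot: In the new `else` branch, `getpwent()` returns the next entry of the password database (the first one on a fresh enumeration), not the entry of the calling user, so `pw->pw_dir` will usually be another account's home directory. Look the user up directly, e.g. `struct passwd *pw = getpwuid(getuid());`, or with `geteuid()` depending on whose configuration a setuid process is meant to load; a short comment stating that choice would help. `getpwent()` also leaves the enumeration open because `endpwent()` is never called. The `end` label targeted by `goto end` lies outside this hunk, so whether `dst` is left in a defined state on that path cannot be confirmed from here.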
@@ -872,6 +892,11 @@ _profile_fetch_from_conf(void)
    if (s)
      {
         _elm_profile = strdup(s);
+        if (_elm_profile)
+          {
+             p = strchr(_elm_profile, '/');
+             if (p) *p = 0;
+          }
         return;
      }
 
@@ -884,10 +909,16 @@ _profile_fetch_from_conf(void)
         if (p)
           {
              _elm_profile = malloc(len + 1);
-             memcpy(_elm_profile, p, len);
-             _elm_profile[len] = 0;
-             free(p);
+             if (_elm_profile)
+               {
+                  memcpy(_elm_profile, p, len);
+                  _elm_profile[len] = 0;
+                  free(p);
+               }
+             else free(p);
              eet_close(ef);
+             p = strchr(_elm_profile, '/');
+             if (p) *p = 0;
              return;
           }
         eet_close(ef);
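Review bot: When `malloc(len + 1)` fails, the new `else free(p);` path falls through to `p = strchr(_elm_profile, '/');` with `_elm_profile` still NULL, which is a NULL pointer dereference. Move the truncation inside the `if (_elm_profile)` block, or guard it: `if (_elm_profile) { p = strchr(_elm_profile, '/'); if (p) *p = 0; }`. The next hunk of `_profile_fetch_from_conf` repeats the same sequence and needs the same fix. Separately, cutting the name at the first '/' still accepts an empty name or `..`; if the profile is later used as a path component, rejecting such names outright would be stricter.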
@@ -902,10 +933,16 @@ _profile_fetch_from_conf(void)
         if (p)
           {
              _elm_profile = malloc(len + 1);
-             memcpy(_elm_profile, p, len);
-             _elm_profile[len] = 0;
-             free(p);
+             if (_elm_profile)
+               {
+                  memcpy(_elm_profile, p, len);
+                  _elm_profile[len] = 0;
+                  free(p);
+               }
+             else free(p);
              eet_close(ef);
+             p = strchr(_elm_profile, '/');
+             if (p) *p = 0;
              return;
           }
         eet_close(ef);
@@ -2538,6 +2575,8 @@ _elm_config_sub_init(void)
                          }
                        _elm_profile = s;
                        if (changed) _prop_config_get();
+                       s = strchr(_elm_profile, '/');
+                       if (s) *s = 0;
                     }
                }
           }
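Review bot: `_prop_config_get()` on the line above the added truncation runs while `_elm_profile` still holds the unsanitized string, so if that call uses the profile name to locate configuration, the '/' check comes too late. Truncate first: put `s = strchr(_elm_profile, '/');` and `if (s) *s = 0;` directly after `_elm_profile = s;`, and only then call `_prop_config_get()`. A separate pointer for the search result would read more clearly than reusing `s`. The enclosing block of `_elm_config_sub_init` starts and ends outside this hunk, so the origin of `s` is not visible here.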
index ca42c4b..7317074 100644 (file)
@@ -309,6 +309,11 @@ _port_indicator_connect_cb(void *data)
         sd->port_indi_timer = NULL;
         return ECORE_CALLBACK_CANCEL;
      }
+   if (strchr(indicator_serv_name, '/'))
+     {
+        sd->port_indi_timer = NULL;
+        return ECORE_CALLBACK_CANCEL;
+     }
    if (elm_plug_connect(sd->portrait_indicator, indicator_serv_name, 0, EINA_FALSE))
      {
         DBG("Conformant connect to server[%s]\n", indicator_serv_name);
@@ -339,6 +344,11 @@ _land_indicator_connect_cb(void *data)
         sd->land_indi_timer = NULL;
         return ECORE_CALLBACK_CANCEL;
      }
+   if (strchr(indicator_serv_name, '/'))
+     {
+        sd->port_indi_timer = NULL;
+        return ECORE_CALLBACK_CANCEL;
+     }
    if (elm_plug_connect(sd->landscape_indicator, indicator_serv_name, 0, EINA_FALSE))
      {
         DBG("Conformant connect to server[%s]\n", indicator_serv_name);
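Review bot: The added rejection branch in `_land_indicator_connect_cb` clears `sd->port_indi_timer`, while the existing early return just above it clears `sd->land_indi_timer`; this looks like a copy-paste slip from `_port_indicator_connect_cb`. As written, returning `ECORE_CALLBACK_CANCEL` leaves `sd->land_indi_timer` holding a handle to a cancelled timer and may discard the portrait timer's handle while that timer is still active. The line should read `sd->land_indi_timer = NULL;`. A `DBG` line naming the rejected service name in the four new '/' checks would also make the refusal visible when debugging.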
@@ -386,6 +396,10 @@ _create_portrait_indicator(Evas_Object *obj)
         DBG("Conformant cannot get portrait indicator service name\n");
         return NULL;
      }
+   if (strchr(port_indicator_serv_name, '/'))
+     {
+        return NULL;
+     }
 
    port_indicator = elm_plug_add(obj);
    if (!port_indicator)
@@ -423,6 +437,10 @@ _create_landscape_indicator(Evas_Object *obj)
         DBG("Conformant cannot get portrait indicator service name\n");
         return NULL;
      }
+   if (strchr(land_indicator_serv_name, '/'))
+     {
+        return NULL;
+     }
 
    land_indicator = elm_plug_add(obj);
    if (!land_indicator)
index 11dca41..f0e0903 100644 (file)
@@ -122,55 +122,10 @@ _elm_module_find_as(const char *as)
 Eina_Bool
 _elm_module_load(Elm_Module *m)
 {
-   const char *home;
    char buf[PATH_MAX];
 
    if (m->module) return EINA_TRUE;
-
-   home = getenv("HOME");
-   if (home)
-     {
-        snprintf(buf, sizeof(buf),
-                 "%s/"ELEMENTARY_BASE_DIR "/modules/%s/%s/module"
-                 EFL_SHARED_EXTENSION, home, m->name, MODULE_ARCH);
-        m->module = eina_module_new(buf);
-        if ((m->module) && (eina_module_load(m->module) == EINA_TRUE))
-          {
-             m->init_func =
-               eina_module_symbol_get(m->module, "elm_modapi_init");
-             if (m->init_func)
-               {
-                  m->shutdown_func =
-                    eina_module_symbol_get(m->module, "elm_modapi_shutdown");
-                  m->so_path = eina_stringshare_add(buf);
-                  snprintf(buf, sizeof(buf),
-                           "%s/"ELEMENTARY_BASE_DIR "/modules/%s/%s",
-                           home, m->name, MODULE_ARCH);
-                  m->bin_dir = eina_stringshare_add(buf);
-                  snprintf(buf, sizeof(buf),
-                           "%s/"ELEMENTARY_BASE_DIR "/modules/%s",
-                           home, m->name);
-                  m->data_dir = eina_stringshare_add(buf);
-               }
-             else
-               {
-                  if (m->module)
-                    {
-                       eina_module_unload(m->module);
-                       eina_module_free(m->module);
-                       m->module = NULL;
-                    }
-                  return EINA_FALSE;
-               }
-          }
-        else if (m->module)
-          {
-             eina_module_free(m->module);
-             m->module = NULL;
-          }
-     }
-
-   if (m->module) return EINA_TRUE;
+   if (strchr(m->name, '/')) return EINA_FALSE;
 
    snprintf(buf, sizeof(buf),
             "%s/elementary/modules/%s/%s/module"EFL_SHARED_EXTENSION,
index 736d1a0..c4bbc52 100644 (file)
@@ -98,9 +98,12 @@ elm_url_download(const char *url, Elm_Url_Done done_cb, Elm_Url_Cancel cancel_cb
    target = ecore_con_url_new(url);
    if (!target) goto on_error;
 
-   if (getenv("http_proxy")) ecore_con_url_proxy_set(target, getenv("http_proxy"));
-   if (getenv("https_proxy")) ecore_con_url_proxy_set(target, getenv("https_proxy"));
-   if (getenv("ftp_proxy")) ecore_con_url_proxy_set(target, getenv("ftp_proxy"));
+   if (getuid() == getuid())
+     {
+        if (getenv("http_proxy")) ecore_con_url_proxy_set(target, getenv("http_proxy"));
+        if (getenv("https_proxy")) ecore_con_url_proxy_set(target, getenv("https_proxy"));
+        if (getenv("ftp_proxy")) ecore_con_url_proxy_set(target, getenv("ftp_proxy"));
+     }
 
    r = malloc(sizeof (Elm_Url));
    if (!r) goto on_error;