Fix code to be more secure 19/184319/1
authorSemun Lee <semun.lee@samsung.com>
Tue, 17 Jul 2018 07:43:20 +0000 (16:43 +0900)
committerSemun Lee <semun.lee@samsung.com>
Tue, 17 Jul 2018 07:43:20 +0000 (16:43 +0900)
- dlopen with absolute path to prevent LD_LIBRARY_PATH attack
- add "x" to prevent symlink attack for recovery file creation

Change-Id: I5f94740e1fd7e1df6c711767d63b624d829b399b
Signed-off-by: Semun Lee <semun.lee@samsung.com>
src/common/app2ext_dynamic_service.cc
src/common/plugins/plugin.cc
src/common/recovery_file.cc

index c2a4e963a1f605dae3fe8f853a5442fe7ac33407..525a22ee02fdcbe5f3a3dfab916cb9ac6922387c 100644 (file)
@@ -15,7 +15,7 @@ const std::string& enable_pkg_sym_name = "app2ext_usr_enable_external_pkg";
 const std::string& get_image_path_sym_name = "app2ext_usr_get_image_path";
 const std::string& init_sym_name = "app2ext_init";
 const std::string& deinit_sym_name = "app2ext_deinit";
-const std::string& LIBNAME = "libapp2ext.so.0";
+const std::string& LIBNAME = "/usr/lib/libapp2ext.so.0";
 
 }
 
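Review bot: The hard-coded `/usr/lib/` prefix in `LIBNAME` assumes a single library directory, so on a target that installs libraries elsewhere (a lib64 layout, for example) loading app2ext would now fail outright rather than resolve through the search path. If the build exposes the install libdir, compose the path from it, e.g. `const std::string& LIBNAME = LIBDIR "/libapp2ext.so.0";`, where `LIBDIR` is a placeholder for whatever definition the project actually provides. A comment such as `// Absolute path on purpose: the loader must not consult LD_LIBRARY_PATH for this library.` would also keep a later cleanup from reverting it to a bare soname. The code that loads `LIBNAME` is outside this hunk.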
index 774daa6ef3b1d9ea208f4047d395fcd2fc97be3f..fa5a42aa2d014851cafd4d08e83c2d1c2519d58a 100644 (file)
@@ -19,6 +19,12 @@ bool Plugin::Load() {
     return true;
   }
 
+  if (!plugin_info_.path().is_absolute()) {
+    LOG(WARNING) << "Plugin path should be an absolute path: "
+               << plugin_info_.path().c_str();
+    return false;
+  }
+
   lib_handle_ = dlopen(plugin_info_.path().c_str(), RTLD_LAZY | RTLD_LOCAL);
   if (!lib_handle_) {
     LOG(WARNING) << "Failed to open library: " << plugin_info_.path().c_str()
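Review bot: The new `is_absolute()` guard in `Plugin::Load()` only rules out search-path resolution; any absolute location still reaches `dlopen`, including a file in a world-writable directory or a path that resolves through a symlink. Where `plugin_info_.path()` comes from is not visible here, so if package content can influence it, consider also checking that the canonical path lies under the expected plugin directory before loading. At minimum state the limit above the check: `// Absolute path required so dlopen() skips LD_LIBRARY_PATH; this does not validate the directory or file ownership.` The function body and the trailing `LOG(WARNING)` statement continue past the end of the hunk.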
index bbbe5b71af687ad51b6cfeaabd8d1f5ecd5619fe..a37880b58edd159c4a240fb6aee520c4c0ff866a 100644 (file)
@@ -194,7 +194,7 @@ bool RecoveryFile::ReadFileContent() {
 }
 
 bool RecoveryFile::WriteAndCommitFileContent() {
-  FILE* handle = fopen(path_.c_str(), "w");
+  FILE* handle = fopen(path_.c_str(), "wx");
   if (!handle) {
     LOG(ERROR) << "Cannot write recovery file";
     return false;
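Review bot: With mode `"wx"` the `fopen` in `WriteAndCommitFileContent()` fails whenever the path already exists, not only when it is a symlink, so a repeated write to the same recovery file would be refused unless the file is removed first; the hunk does not show whether callers guarantee that. The error branch logs a fixed string, which makes an `EEXIST` refusal indistinguishable from a permission or disk-full error when triaging a failed install. Consider `LOG(ERROR) << "Cannot write recovery file: " << path_.c_str() << ": " << strerror(errno);` (needs `<cerrno>` and `<cstring>`). The function continues beyond the hunk.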