From: Pawel Polawski Date: Mon, 10 Feb 2014 10:12:07 +0000 (+0100) Subject: Added checking for binary path in case of reused cookie X-Git-Tag: submit/tizen/20140307.131547~5 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=a8f06fdbf0ef552d6ebd43a1c0088b147435d746;p=platform%2Fcore%2Fsecurity%2Fsecurity-server.git Added checking for binary path in case of reused cookie [Issue#] N/A [Bug/Feature] Protection aganist reuse cookie [Cause] Possible use cookie of other process [Solution] Added process path checking [Verification] Compile, run tests Change-Id: I0b34eab693026c5e63f269dfc912890a5e5c5dd8 --- diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 50cbb7d..15fb946 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -20,6 +20,7 @@ SET(SECURITY_SERVER_SOURCES ${SERVER2_PATH}/service/app-permissions.cpp ${SERVER2_PATH}/service/cookie.cpp ${SERVER2_PATH}/service/cookie-jar.cpp + ${SERVER2_PATH}/service/cookie-common.cpp ${SERVER2_PATH}/service/privilege-by-pid.cpp ${SERVER2_PATH}/service/open-for.cpp ${SERVER2_PATH}/service/open-for-manager.cpp diff --git a/src/server/service/cookie-common.cpp b/src/server/service/cookie-common.cpp new file mode 100644 index 0000000..8f56b1d --- /dev/null +++ b/src/server/service/cookie-common.cpp @@ -0,0 +1,24 @@ +#include +#include +#include +#include + +namespace SecurityServer { + +int getPidPath(char *path, unsigned int pathSize, int pid) +{ + int retval; + char link[pathSize]; + + snprintf(link, pathSize, "/proc/%d/exe", pid); + retval = readlink(link, path, pathSize-1); + if (retval < 0) { + LogDebug("Unable to get process path"); + return -1; + } + path[retval] = '\0'; + + return 0; +} + +} // namespace SecurityServer diff --git a/src/server/service/cookie-common.h b/src/server/service/cookie-common.h new file mode 100644 index 0000000..fd4ae64 --- /dev/null +++ b/src/server/service/cookie-common.h @@ -0,0 +1,33 @@ +/* + * security-server + * + * Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Bumjin Im + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#ifndef _COOKIE_COMMON_H_ +#define _COOKIE_COMMON_H_ + +namespace SecurityServer { + +/* + * Simple function for translating PID to process path + */ +int getPidPath(char *path, unsigned int pathSize, int pid); + +} // namespace SecurityServer + +#endif // _COOKIE_COMMON_H_ diff --git a/src/server/service/cookie-jar.cpp b/src/server/service/cookie-jar.cpp index 2e0e42b..262f52b 100644 --- a/src/server/service/cookie-jar.cpp +++ b/src/server/service/cookie-jar.cpp @@ -24,6 +24,7 @@ #include #include +#include #include #include #include @@ -71,7 +72,7 @@ const Cookie * CookieJar::GenerateCookie(int pid) return searchResult; } - searchResult = &newCookie; //only for searchResult != NULL + searchResult = &newCookie; //only for searchResult != NULL during while loop init while(searchResult != NULL) { //generate unique key std::ifstream urandom("/dev/urandom", std::ifstream::binary); @@ -85,16 +86,12 @@ const Cookie * CookieJar::GenerateCookie(int pid) } //obtain process path - char link[PATH_MAX]; char path[PATH_MAX]; - - snprintf(link, PATH_MAX, "/proc/%d/exe", pid); - retval = readlink(link, path, PATH_MAX-1); + retval = getPidPath(path, PATH_MAX, pid); if (retval < 0) { LogDebug("Unable to get process path"); return NULL; } - path[retval] = '\0'; newCookie.binaryPath = path; //get smack label if smack enabled @@ -145,6 +142,7 @@ const Cookie * CookieJar::GenerateCookie(int pid) for (size_t k = 0; k < newCookie.permissions.size(); k++) LogDebug("GID: " << newCookie.permissions[k]); + //only when cookie ready store it m_cookieList.push_back(newCookie); return &m_cookieList[m_cookieList.size() - 1]; } diff --git a/src/server/service/cookie.cpp b/src/server/service/cookie.cpp index 29d2652..6a45273 100644 --- a/src/server/service/cookie.cpp +++ b/src/server/service/cookie.cpp @@ -26,12 +26,14 @@ #include #include #include +#include #include #include #include #include #include #include +#include //interfaces ID const int INTERFACE_GET = 0; @@ -181,13 +183,28 @@ bool CookieService::cookieRequest(MessageBuffer &send, int socket) return false; const Cookie *generatedCookie = m_cookieJar.GenerateCookie(cr.pid); - if (generatedCookie != NULL) { - //cookie created correct - Serialization::Serialize(send, (int)SECURITY_SERVER_API_SUCCESS); - Serialization::Serialize(send, generatedCookie->cookieId); - } else { + + if (generatedCookie == NULL) { //unable to create cookie Serialization::Serialize(send, (int)SECURITY_SERVER_API_ERROR_UNKNOWN); + return true; + } + + //checking if binary path match created / found cookie + char path[PATH_MAX]; + int ret = getPidPath(path, PATH_MAX, cr.pid); + + if (ret < 0) { + LogError("Unable to check process binary path"); + Serialization::Serialize(send, (int)SECURITY_SERVER_API_ERROR_UNKNOWN); + } else { + if (generatedCookie->binaryPath.compare(path)) { + LogDebug("Found cookie but no match in bin path"); + Serialization::Serialize(send, (int)SECURITY_SERVER_API_ERROR_UNKNOWN); + } else { + Serialization::Serialize(send, (int)SECURITY_SERVER_API_SUCCESS); + Serialization::Serialize(send, generatedCookie->cookieId); + } } return true;