From: greatim
Date: Thu, 25 Aug 2016 11:05:12 +0000 (+0900)
Subject: change umask value to 022 from 000 because of security reason
X-Git-Tag: submit/tizen/20160930.063257~5^2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=f17729d36596c1bb347a3ade5d86f6d05bd931e3;p=sdk%2Ftarget%2Fsdbd.git

change umask value to 022 from 000 because of security reason

change umask value to 022 from 000 because of security reason
add S_IWOTH for pushed file to owner's content directory

Change-Id: Ie0677c4bfa8c494c13ab0ac32cdb730f90d22864
Signed-off-by: greatim
---
diff --git a/src/file_sync_service.c b/src/file_sync_service.c
index 5fc6642..b0a0f07 100644
--- a/src/file_sync_service.c
+++ b/src/file_sync_service.c
@@ -14,6 +14,7 @@
 * limitations under the License.
 */
+#include
 #include
 #include
 #include
@@ -58,6 +59,8 @@ struct sync_permit_rule sdk_sync_permit_rule[] = {
 */
 #define DIR_PERMISSION 0777
+static struct tzplatform_context* sdk_user_context = NULL;
+
 void init_sdk_sync_permit_rule_regx(void) {
 int ret;
@@ -334,6 +337,62 @@ static void sync_mediadb(char *path) {
 return;
 }
+static void deinit_sdk_user_context(void) {
+ if (sdk_user_context != NULL) {
+ tzplatform_context_destroy(sdk_user_context);
+ sdk_user_context = NULL;
+ }
+}
+
+// return 0 if success to initialize
+// return negative value otherwise
+static int init_sdk_user_context() {
+ if (sdk_user_context == NULL) {
+ int ret = tzplatform_context_create(&sdk_user_context);
+ if (ret < 0) {
+ D ("failed to create tzplatform context by error (%d)\n", ret);
+ return ret;
+ }
+
+ ret = tzplatform_context_set_user(sdk_user_context, g_sdk_user_id);
+ if (ret < 0) {
+ D ("failed to set user to sdk_user_context\n");
+ return ret;
+ }
+
+ atexit(deinit_sdk_user_context);
+ }
+
+ return 0;
+}
+
+// return 1 if given directory is writable by others
+// return 0 otherwise
+static int is_writable_by_others(char* path) {
+ int ret = 0;
+
+ if ( init_sdk_user_context() == 0 ) {
+ const char* content_path = tzplatform_context_getenv(sdk_user_context, TZ_USER_CONTENT);
+ char* abpath = realpath(path, NULL);
+ D ("tzplatform getenv : %s\n", content_path);
+
+ if (abpath != NULL) {
+ if (strncmp(abpath, content_path, strlen(content_path)) == 0) {
+ D("path (%s) is writable by others\n", path);
+ ret = 1;
+ }
+ free(abpath);
+ } else {
+ D("failed to get realpath of (%s)\n", path);
+ }
+ } else {
+ // do nothing
+ // no directory is writable by others
+ }
+
+ return ret;
+}
+
+static int handle_send_file(int s, int noti_fd, char *path, mode_t mode, char *buffer) {
 syncmsg msg;
@@ -495,6 +554,8 @@ static int do_send(int s, int noti_fd, char *path, char *buffer)
 return -1;
 }
+ D("send path (%s)\n", path);
+
 tmp = strrchr(path,',');
 if(tmp) {
 *tmp = 0;
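Review bot: The prefix test in is_writable_by_others, `strncmp(abpath, content_path, strlen(content_path)) == 0`, also accepts any sibling path that merely begins with the content directory's name (a directory named `<content>2`, for instance), and it dereferences `content_path` without checking for NULL, which the tzplatform getenv call is not shown to rule out; either case grants the world-writable bit outside the intended directory or crashes the daemon. Guard both: `if (content_path == NULL) return 0;` before the realpath call, and `size_t clen = strlen(content_path); if (strncmp(abpath, content_path, clen) == 0 && (abpath[clen] == '/' || abpath[clen] == '\0'))` for the match. Separately, init_sdk_user_context returns the error from tzplatform_context_set_user while leaving sdk_user_context allocated, so every later call skips initialization and reports success with a context whose user was never set; call tzplatform_context_destroy and reset the pointer to NULL on that failure path before returning. The handle_send_file definition that closes this hunk continues outside it.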
@@ -505,7 +566,6 @@ static int do_send(int s, int noti_fd, char *path, char *buffer)
 #endif
 // extracts file permission from stat.mode. (ex 100644 & 0777 = 644);
 mode &= 0777; // combination of (S_IRWXU | S_IRWXG | S_IRWXO)
- mode |= S_IWOTH; // SDK requirement from N_SE-43337
 }
 if(!tmp || errno) {
 mode = 0644; // set default permission value in most of unix system.
@@ -523,7 +583,6 @@ static int do_send(int s, int noti_fd, char *path, char *buffer)
 // sdb does not allow to check that file exists or not. After deleting old file and creating new file again unconditionally.
 sdb_unlink(path);
-
 #ifdef HAVE_SYMLINKS
 if(is_link) ret = handle_send_link(s, noti_fd, path, buffer);
@@ -539,6 +598,13 @@ static int do_send(int s, int noti_fd, char *path, char *buffer)
 //mode |= ((mode >> 3) & 0070);
 //mode |= ((mode >> 3) & 0007);
 ret = handle_send_file(s, noti_fd, path, mode, buffer);
+ if (is_writable_by_others(path)) {
+ mode_t realmode = mode & ~(SDBD_UMASK);
+ realmode |= S_IWOTH;
+ if (chmod(path, realmode) != 0) {
+ D ("failed to chmod of writable path by others\n");
+ }
+ }
 }
 return ret;
diff --git a/src/sdb.c b/src/sdb.c
index 22d2794..a30b3c4 100644
--- a/src/sdb.c
+++ b/src/sdb.c
@@ -1084,9 +1084,6 @@ void start_device_log(void)
 int daemonize(void) {
- // set file creation mask to 0
- umask(0);
-
 switch (fork()) { case -1: return -1;
@@ -1095,6 +1092,11 @@ int daemonize(void) {
 default: _exit(0); }
+
+ // 2016-08-25 : modified umask to 022 from 000 because of security reason
+ // there is a problem that the file created by sdb shell command could be written by 'others'
+ umask(SDBD_UMASK);
+
 #ifdef SDB_PIDPATH
 FILE *f = fopen(SDB_PIDPATH, "w");
@@ -2200,8 +2202,6 @@ int sdb_main(int is_daemon, int server_port)
 D("sdbd should be launched in develop mode.\n"); return -1; }
-
- umask(000);
 #endif
 atexit(sdb_cleanup);
diff --git a/src/sdb.h b/src/sdb.h
index c9a9e0c..36f28e1 100644
--- a/src/sdb.h
+++ b/src/sdb.h
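Review bot: The `chmod(path, realmode)` added after the handle_send_file call applies the mode by path, not through the descriptor the data was just written with, and chmod follows symlinks; since the target is by design a location other users can write into, anyone who can rename in that directory and replaces the freshly created file with a symlink between the write and this call gets sdbd to make an arbitrary file world-writable. Apply the permission with fchmod on the still-open descriptor inside handle_send_file (or reopen with O_NOFOLLOW and fchmod) rather than by path after the fact; whether the descriptor is still available at this point is not visible in this hunk. The expression `mode & ~(SDBD_UMASK)` also bakes in the assumption that the process umask equals SDBD_UMASK, which the sdb.c hunks only guarantee on the daemonized path, so a short comment stating that assumption would help the next reader. do_send starts and ends outside this hunk.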
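Review bot: `umask(SDBD_UMASK)` is now set only inside daemonize(), after the fork, while the `umask(000)` removed from sdb_main() is not replaced, so unless daemonize() always runs before that point (this diff does not show it) a non-daemonized sdbd keeps whatever mask its launcher left in place, and files created by shell commands may again be writable by others or be more restrictive than the chmod logic in file_sync_service.c assumes. Set the mask once, unconditionally, early in sdb_main() (`umask(SDBD_UMASK);`) and let daemonize() inherit it. The dated changelog comment `// 2016-08-25 : modified umask to 022 from 000 because of security reason` repeats the commit history; a one-line why-comment such as `// 022: files created by sdb shell commands must not be writable by others` is enough. daemonize() begins before this hunk.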
@@ -47,6 +47,8 @@
 #define SDB_SERVER_VERSION 0 // Increment this when we want to force users to start a new sdb server
+#define SDBD_UMASK 0022 // default file creation mask of sdbd
+
 typedef struct amessage amessage; typedef struct apacket apacket; typedef struct asocket asocket;