From 501b1cd5fcef6ebcf3151eeed5412e81304147af Mon Sep 17 00:00:00 2001 From: "Carsten Haitzler (Rasterman)" Date: Wed, 8 Jan 2014 20:32:27 +0900 Subject: [PATCH] setuid safeness - ensure if an app that is setuid doesn't do bad things this makes efl ignore certain env vars for thnigs and entirely removes user modules (that no one ever used) etc. etc. to ensure that *IF* an app is setuid, there isn't a priv escalation path that is easy. --- src/lib/elm_cnp.c | 4 +-- src/lib/elm_config.c | 81 ++++++++++++++++++++++++++++++++++++++------------- src/lib/elm_conform.c | 18 ++++++++++++ src/lib/elm_module.c | 47 +----------------------------- src/lib/elm_url.c | 9 ++++-- 5 files changed, 87 insertions(+), 72 deletions(-) diff --git a/src/lib/elm_cnp.c b/src/lib/elm_cnp.c index f0464fb..0d8deab 100644 --- a/src/lib/elm_cnp.c +++ b/src/lib/elm_cnp.c @@ -3508,13 +3508,13 @@ _tempfile_new(int size) { #ifdef HAVE_MMAN_H Tmp_Info *info; - const char *tmppath; + const char *tmppath = NULL; mode_t cur_umask; int len; info = calloc(1, sizeof(Tmp_Info)); if (!info) return NULL; - tmppath = getenv("TMP"); + if (getuid() == getuid()) tmppath = getenv("TMP"); if (!tmppath) tmppath = P_tmpdir; len = snprintf(NULL, 0, "%s/%sXXXXXX", tmppath, "elmcnpitem-"); if (len < 0) goto on_error; diff --git a/src/lib/elm_config.c b/src/lib/elm_config.c index 17a7bdc..502eef9 100644 --- a/src/lib/elm_config.c +++ b/src/lib/elm_config.c @@ -8,6 +8,7 @@ #include #include "elm_priv.h" +#include EAPI int ELM_EVENT_CONFIG_ALL_CHANGED = 0; @@ -508,7 +509,7 @@ _elm_config_user_dir_snprintf(char *dst, ...) { const char *home = NULL; - size_t user_dir_len, off; + size_t user_dir_len = 0, off = 0; va_list ap; #ifdef _WIN32 
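Review bot: The guard `if (getuid() == getuid())` added to `_tempfile_new` compares the real uid with itself, so it is always true and `TMP` is still taken from the environment when the process runs setuid. The comparison needs the effective uid: `if (getuid() == geteuid()) tmppath = getenv("TMP");`. The same always-true condition appears in the `_elm_config_user_dir_snprintf` hunk in src/lib/elm_config.c and the `elm_url_download` hunk in src/lib/elm_url.c, so none of the three environment lookups is actually restricted by this commit. If setgid programs are meant to be covered too, a `getgid() == getegid()` test would be needed as well; the commit message only mentions setuid. The body of `_tempfile_new` continues past the hunk.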
@@ -517,28 +518,47 @@ _elm_config_user_dir_snprintf(char *dst, (dst, size, '/', home, strlen(home), ELEMENTARY_BASE_DIR, sizeof(ELEMENTARY_BASE_DIR) - 1); #else -#ifdef DOXDG - home = getenv("XDG_CONFIG_HOME"); - if (home) + if (getuid() == getuid()) { - user_dir_len = eina_str_join_len - (dst, size, '/', home, strlen(home), - "elementary", sizeof("elementary") - 1); +#ifdef DOXDG + home = getenv("XDG_CONFIG_HOME"); + if (home) + { + user_dir_len = eina_str_join_len + (dst, size, '/', home, strlen(home), + "elementary", sizeof("elementary") - 1); + } + else +#endif + { + home = getenv("HOME"); + if (!home) home = "/"; +#ifdef DOXDG + user_dir_len = eina_str_join_len + (dst, size, '/', home, strlen(home), + ".config", sizeof(".config") - 1, + "elementary", sizeof("elementary") - 1); +#else + user_dir_len = eina_str_join_len + (dst, size, '/', home, strlen(home), + ELEMENTARY_BASE_DIR, sizeof(ELEMENTARY_BASE_DIR) - 1); +#endif + } } else -#endif { - home = getenv("HOME"); - if (!home) home = "/"; + struct passwd *pw = getpwent(); + + if ((!pw) || (!pw->pw_dir)) goto end; #ifdef DOXDG user_dir_len = eina_str_join_len - (dst, size, '/', home, strlen(home), - ".config", sizeof(".config") - 1, - "elementary", sizeof("elementary") - 1); + (dst, size, '/', pw->pw_dir, strlen(pw->pw_dir), + ".config", sizeof(".config") - 1, + "elementary", sizeof("elementary") - 1); #else user_dir_len = eina_str_join_len - (dst, size, '/', home, strlen(home), - ELEMENTARY_BASE_DIR, sizeof(ELEMENTARY_BASE_DIR) - 1); + (dst, size, '/', pw->pw_dir, strlen(pw->pw_dir), + ELEMENTARY_BASE_DIR, sizeof(ELEMENTARY_BASE_DIR) - 1); #endif } #endif @@ -872,6 +892,11 @@ _profile_fetch_from_conf(void) if (s) { _elm_profile = strdup(s); + if (_elm_profile) + { + p = strchr(_elm_profile, '/'); + if (p) *p = 0; + } return; } 
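Review bot: In the new `else` branch of `_elm_config_user_dir_snprintf`, `getpwent()` returns the first entry of the passwd database rather than the entry of the calling user, so the config directory would be built from whichever account happens to be listed first (often root). Look the user up explicitly instead, `struct passwd *pw = getpwuid(getuid());`. The branch also jumps to an `end` label that is not visible in this hunk, so confirm the label exists and that `user_dir_len` and `off` are usable there; the previous hunk initialises both to 0, which suggests that is the intent. As written this branch is unreachable, because the condition above it is `getuid() == getuid()`.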
@@ -884,10 +909,16 @@ _profile_fetch_from_conf(void) if (p) { _elm_profile = malloc(len + 1); - memcpy(_elm_profile, p, len); - _elm_profile[len] = 0; - free(p); + if (_elm_profile) + { + memcpy(_elm_profile, p, len); + _elm_profile[len] = 0; + free(p); + } + else free(p); eet_close(ef); + p = strchr(_elm_profile, '/'); + if (p) *p = 0; return; } eet_close(ef); @@ -902,10 +933,16 @@ _profile_fetch_from_conf(void) if (p) { _elm_profile = malloc(len + 1); - memcpy(_elm_profile, p, len); - _elm_profile[len] = 0; - free(p); + if (_elm_profile) + { + memcpy(_elm_profile, p, len); + _elm_profile[len] = 0; + free(p); + } + else free(p); eet_close(ef); + p = strchr(_elm_profile, '/'); + if (p) *p = 0; return; } eet_close(ef); @@ -2538,6 +2575,8 @@ _elm_config_sub_init(void) } _elm_profile = s; if (changed) _prop_config_get(); + s = strchr(_elm_profile, '/'); + if (s) *s = 0; } } } diff --git a/src/lib/elm_conform.c b/src/lib/elm_conform.c index ca42c4b..7317074 100644 --- a/src/lib/elm_conform.c +++ b/src/lib/elm_conform.c @@ -309,6 +309,11 @@ _port_indicator_connect_cb(void *data) sd->port_indi_timer = NULL; return ECORE_CALLBACK_CANCEL; } + if (strchr(indicator_serv_name, '/')) + { + sd->port_indi_timer = NULL; + return ECORE_CALLBACK_CANCEL; + } if (elm_plug_connect(sd->portrait_indicator, indicator_serv_name, 0, EINA_FALSE)) { DBG("Conformant connect to server[%s]\n", indicator_serv_name); @@ -339,6 +344,11 @@ _land_indicator_connect_cb(void *data) sd->land_indi_timer = NULL; return ECORE_CALLBACK_CANCEL; } + if (strchr(indicator_serv_name, '/')) + { + sd->port_indi_timer = NULL; + return ECORE_CALLBACK_CANCEL; + } if (elm_plug_connect(sd->landscape_indicator, indicator_serv_name, 0, EINA_FALSE)) { DBG("Conformant connect to server[%s]\n", indicator_serv_name); 
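Review bot: When `malloc(len + 1)` fails in `_profile_fetch_from_conf`, the new code frees `p` and then still executes `p = strchr(_elm_profile, '/');` with `_elm_profile == NULL`, which is undefined behaviour and in practice a NULL dereference. Move the truncation inside the allocation check, after `free(p)`, so that `p = strchr(_elm_profile, '/'); if (p) *p = 0;` only runs within the `if (_elm_profile) { ... }` block. The hunk at -902,10 repeats the same pattern and needs the same change. Both hunks show only part of the function.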
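Review bot: The '/' check added to `_land_indicator_connect_cb` clears `sd->port_indi_timer`, while the early return just above it in the same function clears `sd->land_indi_timer`; this looks like a copy-paste from `_port_indicator_connect_cb`. Returning `ECORE_CALLBACK_CANCEL` with the landscape field untouched leaves `sd->land_indi_timer` pointing at a timer that is presumably deleted on cancel, and it drops the handle of a portrait timer that may still be running. The line should read `sd->land_indi_timer = NULL;`. The callback body extends beyond the hunk.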
@@ -386,6 +396,10 @@ _create_portrait_indicator(Evas_Object *obj) DBG("Conformant cannot get portrait indicator service name\n"); return NULL; } + if (strchr(port_indicator_serv_name, '/')) + { + return NULL; + } port_indicator = elm_plug_add(obj); if (!port_indicator) @@ -423,6 +437,10 @@ _create_landscape_indicator(Evas_Object *obj) DBG("Conformant cannot get portrait indicator service name\n"); return NULL; } + if (strchr(land_indicator_serv_name, '/')) + { + return NULL; + } land_indicator = elm_plug_add(obj); if (!land_indicator) diff --git a/src/lib/elm_module.c b/src/lib/elm_module.c index 11dca41..f0e0903 100644 --- a/src/lib/elm_module.c +++ b/src/lib/elm_module.c 
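Review bot: The new rejections in `_create_portrait_indicator` and `_create_landscape_indicator` (hunk -423,10) return NULL silently, whereas the neighbouring failure path in each function logs through `DBG`. A refused service name is worth a log line so that a misconfigured or tampered indicator name can be diagnosed, for example `DBG("Conformant indicator service name must not contain '/'\n");` before the `return NULL;`. A one-line comment saying that the name is later handed to `elm_plug_connect` and must stay a single path component would also help the next reader. Whether the service-name string has to be released on this path cannot be seen from the hunk.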
@@ -122,55 +122,10 @@ _elm_module_find_as(const char *as) Eina_Bool _elm_module_load(Elm_Module *m) { - const char *home; char buf[PATH_MAX]; if (m->module) return EINA_TRUE; - - home = getenv("HOME"); - if (home) - { - snprintf(buf, sizeof(buf), - "%s/"ELEMENTARY_BASE_DIR "/modules/%s/%s/module" - EFL_SHARED_EXTENSION, home, m->name, MODULE_ARCH); - m->module = eina_module_new(buf); - if ((m->module) && (eina_module_load(m->module) == EINA_TRUE)) - { - m->init_func = - eina_module_symbol_get(m->module, "elm_modapi_init"); - if (m->init_func) - { - m->shutdown_func = - eina_module_symbol_get(m->module, "elm_modapi_shutdown"); - m->so_path = eina_stringshare_add(buf); - snprintf(buf, sizeof(buf), - "%s/"ELEMENTARY_BASE_DIR "/modules/%s/%s", - home, m->name, MODULE_ARCH); - m->bin_dir = eina_stringshare_add(buf); - snprintf(buf, sizeof(buf), - "%s/"ELEMENTARY_BASE_DIR "/modules/%s", - home, m->name); - m->data_dir = eina_stringshare_add(buf); - } - else - { - if (m->module) - { - eina_module_unload(m->module); - eina_module_free(m->module); - m->module = NULL; - } - return EINA_FALSE; - } - } - else if (m->module) - { - eina_module_free(m->module); - m->module = NULL; - } - } - - if (m->module) return EINA_TRUE; + if (strchr(m->name, '/')) return EINA_FALSE; snprintf(buf, sizeof(buf), "%s/elementary/modules/%s/%s/module"EFL_SHARED_EXTENSION, diff --git a/src/lib/elm_url.c b/src/lib/elm_url.c index 736d1a0..c4bbc52 100644 --- a/src/lib/elm_url.c +++ b/src/lib/elm_url.c 
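Review bot: The new guard `if (strchr(m->name, '/')) return EINA_FALSE;` in `_elm_module_load` carries no comment and rejects only path separators, so a name of `..` still passes and is interpolated into the module path built by the `snprintf` that follows. Consider refusing dot-leading names as well, e.g. `if ((m->name[0] == '.') || strchr(m->name, '/')) return EINA_FALSE;`, and add a comment such as `/* module names are a single path component inside the system module dir */`. The check also assumes `m->name` is non-NULL, which the hunk does not show. The function continues beyond the hunk.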
@@ -98,9 +98,12 @@ elm_url_download(const char *url, Elm_Url_Done done_cb, Elm_Url_Cancel cancel_cb target = ecore_con_url_new(url); if (!target) goto on_error; - if (getenv("http_proxy")) ecore_con_url_proxy_set(target, getenv("http_proxy")); - if (getenv("https_proxy")) ecore_con_url_proxy_set(target, getenv("https_proxy")); - if (getenv("ftp_proxy")) ecore_con_url_proxy_set(target, getenv("ftp_proxy")); + if (getuid() == getuid()) + { + if (getenv("http_proxy")) ecore_con_url_proxy_set(target, getenv("http_proxy")); + if (getenv("https_proxy")) ecore_con_url_proxy_set(target, getenv("https_proxy")); + if (getenv("ftp_proxy")) ecore_con_url_proxy_set(target, getenv("ftp_proxy")); + } r = malloc(sizeof (Elm_Url)); if (!r) goto on_error; -- 2.7.4