Security fix on DLT pipes.

Signed-off-by: Alexander Wenzel <Alexander.AW.Wenzel@bmw.de>

diff --git a/src/daemon/dlt-daemon.c b/src/daemon/dlt-daemon.c
index 53a1ae6..47c395f 100644 (file)
--- a/src/daemon/dlt-daemon.c
+++ b/src/daemon/dlt-daemon.c
@@ -800,10 +800,27 @@ int dlt_daemon_local_connection_init(DltDaemon *daemon, DltDaemonLocal *daemon_l
     /* open named pipe(FIFO) to receive DLT messages from users */
     umask(0);
 
+    ret=mkdir(DLT_USER_DIR, S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IWGRP | S_IROTH  | S_IWOTH | S_ISVTX );
+    if (ret==-1 && errno != EEXIST)
+    {
+        sprintf(str,"FIFO user dir %s cannot be created!\n", DLT_USER_DIR);
+        dlt_log(LOG_ERR, str);
+        return -1;
+    }
+
+    // S_ISGID cannot be set by mkdir, let's reassign right bits
+    ret=chmod(DLT_USER_DIR, S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IWGRP | S_IXGRP | S_IROTH  | S_IWOTH | S_IXOTH | S_ISGID | S_ISVTX );
+    if (ret==-1)
+    {
+        sprintf(str,"FIFO user dir %s cannot be chmoded!\n", DLT_USER_DIR);
+        dlt_log(LOG_ERR, str);
+        return -1;
+    }
+
     /* Try to delete existing pipe, ignore result of unlink */
     unlink(DLT_USER_FIFO);
 
-    ret=mkfifo(DLT_USER_FIFO, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH  | S_IWOTH );
+    ret=mkfifo(DLT_USER_FIFO, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP );
     if (ret==-1)
     {
         sprintf(str,"FIFO user %s cannot be created!\n",DLT_USER_FIFO);

diff --git a/src/lib/dlt_user.c b/src/lib/dlt_user.c
index e4368f7..867031c 100644 (file)
--- a/src/lib/dlt_user.c
+++ b/src/lib/dlt_user.c
@@ -182,7 +182,7 @@ int dlt_init(void)
     /* Try to delete existing pipe, ignore result of unlink */
     unlink(filename);
     
-    ret=mkfifo(filename, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH  | S_IWOTH );
+    ret=mkfifo(filename, S_IRUSR | S_IWUSR | S_IWGRP | S_IRGRP );
     if (ret==-1)
     {
         sprintf(str,"Loging disabled, FIFO user %s cannot be created!\n",filename);
@@ -190,6 +190,15 @@ int dlt_init(void)
         /* return 0; */ /* removed to prevent error, when FIFO already exists */
     }
 
+    // S_IWGRP cannot be set by mkfifo (???), let's reassign right bits
+    ret=chmod(filename, S_IRUSR | S_IWUSR | S_IWGRP | S_IRGRP );
+    if (ret==-1)
+    {
+        sprintf(str,"FIFO user %s cannot be chmoded!\n", DLT_USER_DIR);
+        dlt_log(LOG_ERR, str);
+        return -1;
+    }
+
     dlt_user.dlt_user_handle = open(filename, O_RDWR | O_CLOEXEC);
     if (dlt_user.dlt_user_handle == DLT_FD_INIT)
     {

diff --git a/src/shared/dlt_user_shared_cfg.h b/src/shared/dlt_user_shared_cfg.h
index 20b49bd..b780439 100755 (executable)
--- a/src/shared/dlt_user_shared_cfg.h
+++ b/src/shared/dlt_user_shared_cfg.h
@@ -70,8 +70,8 @@
 /* Changable */\r
 /*************/\r
 \r
-/* Directory, whre the named pipes to the DLT daemon resides */\r
-#define DLT_USER_DIR  "/tmp"\r
+/* Directory, where the named pipes to the DLT daemon resides */\r
+#define DLT_USER_DIR  "/tmp/dltpipes"\r
 \r
 /* Name of named pipe to DLT daemon */\r
 #define DLT_USER_FIFO "/tmp/dlt"\r