|
|
a60cd7 |
From b72616471ec52a009904689592f4f69e730a6f56 Mon Sep 17 00:00:00 2001
|
|
|
a60cd7 |
From: Jakub Filak <jfilak@redhat.com>
|
|
|
a60cd7 |
Date: Fri, 17 Apr 2015 14:42:13 +0200
|
|
|
a60cd7 |
Subject: [ABRT PATCH] ccpp: harden dealing with UID/GID
|
|
|
a60cd7 |
|
|
|
a60cd7 |
* Don't fall back to UID 0.
|
|
|
a60cd7 |
* Use fsgid.
|
|
|
a60cd7 |
|
|
|
a60cd7 |
This issue was discovered by Florian Weimer of Red Hat Product Security.
|
|
|
a60cd7 |
|
|
|
a60cd7 |
Signed-off-by: Jakub Filak <jfilak@redhat.com>
|
|
|
a60cd7 |
---
|
|
|
a60cd7 |
src/hooks/abrt-hook-ccpp.c | 39 ++++++++++++++++++++++++++-------------
|
|
|
a60cd7 |
1 file changed, 26 insertions(+), 13 deletions(-)
|
|
|
a60cd7 |
|
|
|
a60cd7 |
diff --git a/src/hooks/abrt-hook-ccpp.c b/src/hooks/abrt-hook-ccpp.c
|
|
|
a60cd7 |
index d600bb7..d9f1f5e 100644
|
|
|
a60cd7 |
--- a/src/hooks/abrt-hook-ccpp.c
|
|
|
a60cd7 |
+++ b/src/hooks/abrt-hook-ccpp.c
|
|
|
a60cd7 |
@@ -218,23 +218,27 @@ static char* get_rootdir(pid_t pid)
|
|
|
a60cd7 |
return malloc_readlink(buf);
|
|
|
a60cd7 |
}
|
|
|
a60cd7 |
|
|
|
a60cd7 |
-static int get_fsuid(void)
|
|
|
a60cd7 |
+static int get_proc_fs_id(char type)
|
|
|
a60cd7 |
{
|
|
|
a60cd7 |
- int real, euid, saved;
|
|
|
a60cd7 |
- /* if we fail to parse the uid, then make it root only readable to be safe */
|
|
|
a60cd7 |
- int fs_uid = 0;
|
|
|
a60cd7 |
+ const char *scanf_format = "%*cid:\t%d\t%d\t%d\t%d\n";
|
|
|
a60cd7 |
+ char id_type[] = "_id";
|
|
|
a60cd7 |
+ id_type[0] = type;
|
|
|
a60cd7 |
+
|
|
|
a60cd7 |
+ int real, e_id, saved;
|
|
|
a60cd7 |
+ int fs_id = 0;
|
|
|
a60cd7 |
|
|
|
a60cd7 |
char *line = proc_pid_status; /* never NULL */
|
|
|
a60cd7 |
for (;;)
|
|
|
a60cd7 |
{
|
|
|
a60cd7 |
- if (strncmp(line, "Uid", 3) == 0)
|
|
|
a60cd7 |
+ if (strncmp(line, id_type, 3) == 0)
|
|
|
a60cd7 |
{
|
|
|
a60cd7 |
- int n = sscanf(line, "Uid:\t%d\t%d\t%d\t%d\n", &real, &euid, &saved, &fs_uid);
|
|
|
a60cd7 |
+ int n = sscanf(line, scanf_format, &real, &e_id, &saved, &fs_id);
|
|
|
a60cd7 |
if (n != 4)
|
|
|
a60cd7 |
{
|
|
|
a60cd7 |
- perror_msg_and_die("Can't parse Uid: line");
|
|
|
a60cd7 |
+ perror_msg_and_die("Can't parse %cid: line", type);
|
|
|
a60cd7 |
}
|
|
|
a60cd7 |
- break;
|
|
|
a60cd7 |
+
|
|
|
a60cd7 |
+ return fs_id;
|
|
|
a60cd7 |
}
|
|
|
a60cd7 |
line = strchr(line, '\n');
|
|
|
a60cd7 |
if (!line)
|
|
|
a60cd7 |
@@ -242,7 +246,17 @@ static int get_fsuid(void)
|
|
|
a60cd7 |
line++;
|
|
|
a60cd7 |
}
|
|
|
a60cd7 |
|
|
|
a60cd7 |
- return fs_uid;
|
|
|
a60cd7 |
+ perror_msg_and_die("Failed to get file system %cID of the crashed process", type);
|
|
|
a60cd7 |
+}
|
|
|
a60cd7 |
+
|
|
|
a60cd7 |
+static int get_fsuid(void)
|
|
|
a60cd7 |
+{
|
|
|
a60cd7 |
+ return get_proc_fs_id(/*UID*/'U');
|
|
|
a60cd7 |
+}
|
|
|
a60cd7 |
+
|
|
|
a60cd7 |
+static int get_fsgid(void)
|
|
|
a60cd7 |
+{
|
|
|
a60cd7 |
+ return get_proc_fs_id(/*GID*/'G');
|
|
|
a60cd7 |
}
|
|
|
a60cd7 |
|
|
|
a60cd7 |
static int dump_suid_policy()
|
|
|
a60cd7 |
@@ -278,10 +292,9 @@ static int open_user_core(uid_t uid, uid_t fsuid, pid_t pid, char **percent_valu
|
|
|
a60cd7 |
if (proc_cwd == NULL)
|
|
|
a60cd7 |
return -1;
|
|
|
a60cd7 |
|
|
|
a60cd7 |
- struct passwd* pw = getpwuid(uid);
|
|
|
a60cd7 |
- gid_t gid = pw ? pw->pw_gid : uid;
|
|
|
a60cd7 |
- //log("setting uid: %i gid: %i", uid, gid);
|
|
|
a60cd7 |
- xsetegid(gid);
|
|
|
a60cd7 |
+ errno = 0;
|
|
|
a60cd7 |
+
|
|
|
a60cd7 |
+ xsetegid(get_fsgid());
|
|
|
a60cd7 |
xseteuid(fsuid);
|
|
|
a60cd7 |
|
|
|
a60cd7 |
if (strcmp(core_basename, "core") == 0)
|
|
|
a60cd7 |
--
|
|
|
a60cd7 |
1.8.3.1
|
|
|
a60cd7 |
|