|
Matej Habrnal |
fa1950 |
From 2b1fa2caf4ef3cb253e931f53b43fc9499661da4 Mon Sep 17 00:00:00 2001
|
|
Matej Habrnal |
fa1950 |
From: Jakub Filak <jfilak@redhat.com>
|
|
Matej Habrnal |
fa1950 |
Date: Thu, 16 Apr 2015 11:12:40 +0200
|
|
Matej Habrnal |
fa1950 |
Subject: [PATCH] turn off exploring crashed process's root directories
|
|
Matej Habrnal |
fa1950 |
|
|
Matej Habrnal |
fa1950 |
A local user can arrange a process root directory in way that abrt will
|
|
Matej Habrnal |
fa1950 |
make a copy of file not accessible by the attacker.
|
|
Matej Habrnal |
fa1950 |
|
|
Matej Habrnal |
fa1950 |
I don't want to remove the chroot code entirely because it might be
|
|
Matej Habrnal |
fa1950 |
useful for non-production environments.
|
|
Matej Habrnal |
fa1950 |
|
|
Matej Habrnal |
fa1950 |
Related: #1211835
|
|
Matej Habrnal |
fa1950 |
|
|
Matej Habrnal |
fa1950 |
Signed-off-by: Jakub Filak <jfilak@redhat.com>
|
|
Matej Habrnal |
fa1950 |
---
|
|
Matej Habrnal |
fa1950 |
src/daemon/abrt-action-save-package-data.c | 6 +++++-
|
|
Matej Habrnal |
fa1950 |
src/daemon/abrt.conf | 16 ++++++++++++++++
|
|
Matej Habrnal |
fa1950 |
src/hooks/abrt-hook-ccpp.c | 12 +++++++++++-
|
|
Matej Habrnal |
fa1950 |
src/include/libabrt.h | 2 ++
|
|
Matej Habrnal |
fa1950 |
src/lib/abrt_conf.c | 10 ++++++++++
|
|
Matej Habrnal |
fa1950 |
5 files changed, 44 insertions(+), 2 deletions(-)
|
|
Matej Habrnal |
fa1950 |
|
|
Matej Habrnal |
fa1950 |
diff --git a/src/daemon/abrt-action-save-package-data.c b/src/daemon/abrt-action-save-package-data.c
|
|
Matej Habrnal |
fa1950 |
index cc86327..816e0d0 100644
|
|
Matej Habrnal |
fa1950 |
--- a/src/daemon/abrt-action-save-package-data.c
|
|
Matej Habrnal |
fa1950 |
+++ b/src/daemon/abrt-action-save-package-data.c
|
|
Matej Habrnal |
fa1950 |
@@ -239,7 +239,11 @@ static int SavePackageDescriptionToDebugDump(const char *dump_dir_name)
|
|
Matej Habrnal |
fa1950 |
|
|
Matej Habrnal |
fa1950 |
cmdline = dd_load_text_ext(dd, FILENAME_CMDLINE, DD_FAIL_QUIETLY_ENOENT);
|
|
Matej Habrnal |
fa1950 |
executable = dd_load_text(dd, FILENAME_EXECUTABLE);
|
|
Matej Habrnal |
fa1950 |
- rootdir = dd_load_text_ext(dd, FILENAME_ROOTDIR,
|
|
Matej Habrnal |
fa1950 |
+
|
|
Matej Habrnal |
fa1950 |
+ /* Do not implicitly query rpm database in process's root dir, if
|
|
Matej Habrnal |
fa1950 |
+ * ExploreChroots is disabled. */
|
|
Matej Habrnal |
fa1950 |
+ if (g_settings_explorechroots)
|
|
Matej Habrnal |
fa1950 |
+ rootdir = dd_load_text_ext(dd, FILENAME_ROOTDIR,
|
|
Matej Habrnal |
fa1950 |
DD_FAIL_QUIETLY_ENOENT | DD_LOAD_TEXT_RETURN_NULL_ON_FAILURE);
|
|
Matej Habrnal |
fa1950 |
|
|
Matej Habrnal |
fa1950 |
/* Close dd while we query package database. It can take some time,
|
|
Matej Habrnal |
fa1950 |
diff --git a/src/daemon/abrt.conf b/src/daemon/abrt.conf
|
|
Matej Habrnal |
fa1950 |
index 59d1831..02e969d 100644
|
|
Matej Habrnal |
fa1950 |
--- a/src/daemon/abrt.conf
|
|
Matej Habrnal |
fa1950 |
+++ b/src/daemon/abrt.conf
|
|
Matej Habrnal |
fa1950 |
@@ -43,3 +43,19 @@ AutoreportingEnabled = no
|
|
Matej Habrnal |
fa1950 |
# session; otherwise No.
|
|
Matej Habrnal |
fa1950 |
#
|
|
Matej Habrnal |
fa1950 |
# ShortenedReporting = yes
|
|
Matej Habrnal |
fa1950 |
+
|
|
Matej Habrnal |
fa1950 |
+# Enables various features exploring process's root directories if they differ
|
|
Matej Habrnal |
fa1950 |
+# from the default root directory. The folowing list includes examples of
|
|
Matej Habrnal |
fa1950 |
+# enabled features:
|
|
Matej Habrnal |
fa1950 |
+# * query the rpm database in the process's root directory
|
|
Matej Habrnal |
fa1950 |
+# * save files like /etc/os-release from the process's root directory
|
|
Matej Habrnal |
fa1950 |
+#
|
|
Matej Habrnal |
fa1950 |
+# This feature is disabled by default because it might be used by a local user
|
|
Matej Habrnal |
fa1950 |
+# to steal your data.
|
|
Matej Habrnal |
fa1950 |
+#
|
|
Matej Habrnal |
fa1950 |
+# Caution:
|
|
Matej Habrnal |
fa1950 |
+#
|
|
Matej Habrnal |
fa1950 |
+# THIS FEATURE MIGHT BE USED BY A LOCAL USER TO STEEL YOUR DATA BY ARRANGING A
|
|
Matej Habrnal |
fa1950 |
+# SPECIAL ROOT DIRECTORY IN USER MOUNT NAMESAPCE
|
|
Matej Habrnal |
fa1950 |
+#
|
|
Matej Habrnal |
fa1950 |
+# ExploreChroots = false
|
|
Matej Habrnal |
fa1950 |
diff --git a/src/hooks/abrt-hook-ccpp.c b/src/hooks/abrt-hook-ccpp.c
|
|
Matej Habrnal |
fa1950 |
index e1d81b6..7626a97 100644
|
|
Matej Habrnal |
fa1950 |
--- a/src/hooks/abrt-hook-ccpp.c
|
|
Matej Habrnal |
fa1950 |
+++ b/src/hooks/abrt-hook-ccpp.c
|
|
Matej Habrnal |
fa1950 |
@@ -601,7 +601,17 @@ int main(int argc, char** argv)
|
|
Matej Habrnal |
fa1950 |
{
|
|
Matej Habrnal |
fa1950 |
char *rootdir = get_rootdir(pid);
|
|
Matej Habrnal |
fa1950 |
|
|
Matej Habrnal |
fa1950 |
- dd_create_basic_files(dd, fsuid, (rootdir && strcmp(rootdir, "/") != 0) ? rootdir : NULL);
|
|
Matej Habrnal |
fa1950 |
+ /* Reading data from an arbitrary root directory is not secure. */
|
|
Matej Habrnal |
fa1950 |
+ if (g_settings_explorechroots)
|
|
Matej Habrnal |
fa1950 |
+ {
|
|
Matej Habrnal |
fa1950 |
+ /* Yes, test 'rootdir' but use 'source_filename' because 'rootdir' can
|
|
Matej Habrnal |
fa1950 |
+ * be '/' for a process with own namespace. 'source_filename' is /proc/[pid]/root. */
|
|
Matej Habrnal |
fa1950 |
+ dd_create_basic_files(dd, fsuid, (rootdir != NULL) ? rootdir : NULL);
|
|
Matej Habrnal |
fa1950 |
+ }
|
|
Matej Habrnal |
fa1950 |
+ else
|
|
Matej Habrnal |
fa1950 |
+ {
|
|
Matej Habrnal |
fa1950 |
+ dd_create_basic_files(dd, fsuid, NULL);
|
|
Matej Habrnal |
fa1950 |
+ }
|
|
Matej Habrnal |
fa1950 |
|
|
Matej Habrnal |
fa1950 |
char source_filename[sizeof("/proc/%lu/somewhat_long_name") + sizeof(long)*3];
|
|
Matej Habrnal |
fa1950 |
int source_base_ofs = sprintf(source_filename, "/proc/%lu/smaps", (long)pid);
|
|
Matej Habrnal |
fa1950 |
diff --git a/src/include/libabrt.h b/src/include/libabrt.h
|
|
Matej Habrnal |
fa1950 |
index 65d30a1..abfbc97 100644
|
|
Matej Habrnal |
fa1950 |
--- a/src/include/libabrt.h
|
|
Matej Habrnal |
fa1950 |
+++ b/src/include/libabrt.h
|
|
Matej Habrnal |
fa1950 |
@@ -62,6 +62,8 @@ extern bool g_settings_autoreporting;
|
|
Matej Habrnal |
fa1950 |
extern char * g_settings_autoreporting_event;
|
|
Matej Habrnal |
fa1950 |
#define g_settings_shortenedreporting abrt_g_settings_shortenedreporting
|
|
Matej Habrnal |
fa1950 |
extern bool g_settings_shortenedreporting;
|
|
Matej Habrnal |
fa1950 |
+#define g_settings_explorechroots abrt_g_settings_explorechroots
|
|
Matej Habrnal |
fa1950 |
+extern bool g_settings_explorechroots;
|
|
Matej Habrnal |
fa1950 |
|
|
Matej Habrnal |
fa1950 |
|
|
Matej Habrnal |
fa1950 |
#define load_abrt_conf abrt_load_abrt_conf
|
|
Matej Habrnal |
fa1950 |
diff --git a/src/lib/abrt_conf.c b/src/lib/abrt_conf.c
|
|
Matej Habrnal |
fa1950 |
index f7fdc6d..46ff689 100644
|
|
Matej Habrnal |
fa1950 |
--- a/src/lib/abrt_conf.c
|
|
Matej Habrnal |
fa1950 |
+++ b/src/lib/abrt_conf.c
|
|
Matej Habrnal |
fa1950 |
@@ -27,6 +27,7 @@ bool g_settings_delete_uploaded = 0;
|
|
Matej Habrnal |
fa1950 |
bool g_settings_autoreporting = 0;
|
|
Matej Habrnal |
fa1950 |
char * g_settings_autoreporting_event = NULL;
|
|
Matej Habrnal |
fa1950 |
bool g_settings_shortenedreporting = 0;
|
|
Matej Habrnal |
fa1950 |
+bool g_settings_explorechroots = 0;
|
|
Matej Habrnal |
fa1950 |
|
|
Matej Habrnal |
fa1950 |
void free_abrt_conf_data()
|
|
Matej Habrnal |
fa1950 |
{
|
|
Matej Habrnal |
fa1950 |
@@ -106,6 +107,15 @@ static void ParseCommon(map_string_t *settings, const char *conf_filename)
|
|
Matej Habrnal |
fa1950 |
g_settings_shortenedreporting = (desktop_env && strcasestr(desktop_env, "gnome") != NULL);
|
|
Matej Habrnal |
fa1950 |
}
|
|
Matej Habrnal |
fa1950 |
|
|
Matej Habrnal |
fa1950 |
+ value = get_map_string_item_or_NULL(settings, "ExploreChroots");
|
|
Matej Habrnal |
fa1950 |
+ if (value)
|
|
Matej Habrnal |
fa1950 |
+ {
|
|
Matej Habrnal |
fa1950 |
+ g_settings_explorechroots = string_to_bool(value);
|
|
Matej Habrnal |
fa1950 |
+ remove_map_string_item(settings, "ExploreChroots");
|
|
Matej Habrnal |
fa1950 |
+ }
|
|
Matej Habrnal |
fa1950 |
+ else
|
|
Matej Habrnal |
fa1950 |
+ g_settings_explorechroots = false;
|
|
Matej Habrnal |
fa1950 |
+
|
|
Matej Habrnal |
fa1950 |
GHashTableIter iter;
|
|
Matej Habrnal |
fa1950 |
const char *name;
|
|
Matej Habrnal |
fa1950 |
/*char *value; - already declared */
|
|
Matej Habrnal |
fa1950 |
--
|
|
Matej Habrnal |
fa1950 |
2.1.0
|
|
Matej Habrnal |
fa1950 |
|