From 4e85328fd73b0d61fb82b535a7d2d8b642b3f95f Mon Sep 17 00:00:00 2001
From: Jakub Filak
Date: Thu, 7 May 2015 11:07:12 +0200
Subject: [PATCH] daemon, dbus: allow only root to create CCpp, Koops, vmcore and xorg
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Florian Weimer : This prevents users from feeding things that are not actually coredumps and excerpts from /proc to these analyzers. For example, it should not be possible to trigger a rule with “EVENT=post-create analyzer=CCpp” using NewProblem
Related: #1212861
Signed-off-by: Jakub Filak
---
 src/daemon/abrt-server.c | 2 +-
 src/dbus/abrt-dbus.c | 10 +++++++++-
 src/include/libabrt.h | 2 ++
 src/lib/hooklib.c | 24 ++++++++++++++++++++++++
 4 files changed, 36 insertions(+), 2 deletions(-)
diff --git a/src/daemon/abrt-server.c b/src/daemon/abrt-server.c
index 5fc4b1a..90339ab 100644
--- a/src/daemon/abrt-server.c
+++ b/src/daemon/abrt-server.c
@@ -486,7 +486,7 @@ static gboolean key_value_ok(gchar *key, gchar *value)
 }
 }
- return TRUE;
+ return allowed_new_user_problem_entry(client_uid, key, value);
 }
 /* Handles a message received from client over socket. */
diff --git a/src/dbus/abrt-dbus.c b/src/dbus/abrt-dbus.c
index 489d273..62f331b 100644
--- a/src/dbus/abrt-dbus.c
+++ b/src/dbus/abrt-dbus.c
@@ -175,6 +175,7 @@ bool allowed_problem_element(GDBusMethodInvocation *invocation, const char *elem
 static char *handle_new_problem(GVariant *problem_info, uid_t caller_uid, char **error)
 {
+ char *problem_id = NULL;
 problem_data_t *pd = problem_data_new();
 GVariantIter *iter;
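Review bot: In key_value_ok() (src/daemon/abrt-server.c) the new return passes `client_uid`, which is not a parameter of the function (the hunk header shows only `key` and `value`), so the authorization result depends on state set elsewhere. That variable is presumably file-scope and filled from the connecting peer's credentials before any key/value pair is parsed; if it could still hold its initial value at this point, and that value is 0, every entry would be treated as root-created. A comment above the return would pin the requirement, e.g. `/* client_uid must already hold the authenticated peer uid here */`. The body of key_value_ok() starts outside the hunk, so how a FALSE result is reported to the client is not visible.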
@@ -182,6 +183,12 @@ static char *handle_new_problem(GVariant *problem_info, uid_t caller_uid, char *
 gchar *key, *value;
 while (g_variant_iter_loop(iter, "{ss}", &key, &value))
 {
+ if (allowed_new_user_problem_entry(caller_uid, key, value) == false)
+ {
+ *error = xasprintf("You are not allowed to create element '%s' containing '%s'", key, value);
+ goto finito;
+ }
+
 problem_data_add_text_editable(pd, key, value);
 }
@@ -196,12 +203,13 @@ static char *handle_new_problem(GVariant *problem_info, uid_t caller_uid, char *
 /* At least it should generate local problem identifier UUID */
 problem_data_add_basics(pd);
- char *problem_id = problem_data_save(pd);
+ problem_id = problem_data_save(pd);
 if (problem_id)
 notify_new_path(problem_id);
 else if (error)
 *error = xasprintf("Cannot create a new problem");
+finito:
 problem_data_free(pd);
 return problem_id;
 }
diff --git a/src/include/libabrt.h b/src/include/libabrt.h
index 9de222d..5178eef 100644
--- a/src/include/libabrt.h
+++ b/src/include/libabrt.h
@@ -56,6 +56,8 @@ enum {
 };
 #define dir_has_correct_permissions abrt_dir_has_correct_permissions
 bool dir_has_correct_permissions(const char *dir_name, int flags);
+#define allowed_new_user_problem_entry abrt_allowed_new_user_problem_entry
+bool allowed_new_user_problem_entry(uid_t uid, const char *name, const char *value);
 #define g_settings_nMaxCrashReportsSize abrt_g_settings_nMaxCrashReportsSize
 extern unsigned int g_settings_nMaxCrashReportsSize;
diff --git a/src/lib/hooklib.c b/src/lib/hooklib.c
index c94cadf..0a8d703 100644
--- a/src/lib/hooklib.c
+++ b/src/lib/hooklib.c
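Review bot: The rejection branch added to the loop in handle_new_problem() (src/dbus/abrt-dbus.c) writes `*error` unconditionally, while the existing failure path later in the same function guards it with `else if (error)`; if a caller may pass NULL, this new path dereferences it. Use the same guard, `if (error) *error = xasprintf(...);`. The early `goto finito` also leaves the loop before g_variant_iter_loop() is called again, and with the copying `"{ss}"` format GLib expects the caller to release the current `key` and `value` in that case, so add `g_free(key); g_free(value);` before the jump; `iter` is presumably freed between this hunk and the `finito:` label and would be skipped as well. Because the commit message describes this path as reachable by ordinary users through NewProblem, each rejected call would leave those allocations behind in the service process.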
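Review bot: The new prototype `allowed_new_user_problem_entry()` in src/include/libabrt.h is exported without any description of its contract, although callers in both abrt-server.c and abrt-dbus.c now rely on it for an authorization decision. A short comment above the declaration would do, e.g. `/* Returns true if a client with @uid may add element @name with content @value to a new problem; only root may set analyzer/type to CCpp, Kerneloops, vmcore or xorg. */`. It is also worth saying there that `basename` is treated as a compatibility alias of the type element, which is not obvious from the name.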
@@ -552,3 +552,27 @@ bool dir_has_correct_permissions(const char *dir_name, int flags)
 */
 return correct_group;
 }
+
+bool allowed_new_user_problem_entry(uid_t uid, const char *name, const char *value)
+{
+ /* Allow root to create everything */
+ if (uid == 0)
+ return true;
+
+ /* Permit non-root users to create everything except: analyzer and type */
+ if (strcmp(name, FILENAME_ANALYZER) != 0
+ && strcmp(name, FILENAME_TYPE) != 0
+ /* compatibility value used in abrt-server */
+ && strcmp(name, "basename") != 0)
+ return true;
+
+ /* Permit non-root users to create all types except: C/C++, Koops, vmcore and xorg */
+ if (strcmp(value, "CCpp") != 0
+ && strcmp(value, "Kerneloops") != 0
+ && strcmp(value, "vmcore") != 0
+ && strcmp(value, "xorg") != 0)
+ return true;
+
+ error_msg("Only root is permitted to create element '%s' containing '%s'", name, value);
+ return false;
+}
--
2.1.0
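Review bot: The type check in allowed_new_user_problem_entry() is an exact, case-sensitive denylist over `value`, so it protects only as long as every consumer of `analyzer`/`type` compares those four strings byte-for-byte, and any analyzer added later is open to non-root callers by default. Nothing in this hunk normalizes `value`, and whether the event rules do is not visible here; either record the assumption next to the list, e.g. `/* exact match: consumers of analyzer/type must compare the same way */`, or invert the test into a list of types unprivileged users may create. Separately, `name` and `value` reach strcmp() unchecked, so a fail-closed guard after the root shortcut, `if (name == NULL || value == NULL) return false;`, would keep a NULL from either caller from crashing the process. error_msg() also logs both caller-supplied strings verbatim, which is worth a look if the log sink does not escape control characters.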