vitalif
/
e2fsprogs
mirror of https://github.com/vitalif/e2fsprogs
1
0
Fork 0
Code Issues Releases Wiki Activity

uuidd: Fix issues identified by SuSE's security team 

SuSE's security team audited uuidd and came up with these issues.
None of them are serious given that uuidd runs setuid as a
unprivileged user which has no special access other than libuuid
directory, but it's good to get them fixed.

Signed-off-by: Matthias Koenig <mkoenig@suse.de>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
bitmap-optimize
Matthias Koenig 2008-03-14 13:29:35 -04:00 committed by Theodore Ts'o
parent 82e541885e
commit 4415b03eaa
1 changed files with 30 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
misc/uuidd.c
View File

@ -52,6 +52,12 @@ static void usage(const char *progname)
exit(1);
}
static void die(const char *msg)
{
perror(msg);
exit(1);
}
static void create_daemon(void)
{
pid_t pid;
@ -75,7 +81,8 @@ static void create_daemon(void)
chdir("/");
(void) setsid();
euid = geteuid();
(void) setreuid(euid, euid);
if (setreuid(euid, euid) < 0)
die("setreuid");
}
static int read_all(int fd, char *buf, size_t count)
@ -132,7 +139,8 @@ static int call_daemon(const char *socket_path, int op, char *buf,
}
srv_addr.sun_family = AF_UNIX;
strcpy(srv_addr.sun_path, socket_path);
strncpy(srv_addr.sun_path, socket_path, sizeof(srv_addr.sun_path));
srv_addr.sun_path[sizeof(srv_addr.sun_path)-1] = '\0';
if (connect(s, (const struct sockaddr *) &srv_addr,
sizeof(struct sockaddr_un)) < 0) {
@ -252,7 +260,8 @@ static void server_loop(const char *socket_path, const char *pidfile_path,
* Create the address we will be binding to.
*/
my_addr.sun_family = AF_UNIX;
strcpy(my_addr.sun_path, socket_path);
strncpy(my_addr.sun_path, socket_path, sizeof(my_addr.sun_path));
my_addr.sun_path[sizeof(my_addr.sun_path)-1] = '\0';
(void) unlink(socket_path);
save_umask = umask(0);
if (bind(s, (const struct sockaddr *) &my_addr,
@ -415,11 +424,11 @@ int main(int argc, char **argv)
switch (c) {
case 'd':
debug++;
drop_privs++;
drop_privs = 1;
break;
case 'k':
do_kill++;
drop_privs++;
drop_privs = 1;
break;
case 'n':
num = strtol(optarg, &tmp, 0);
@ -429,18 +438,18 @@ int main(int argc, char **argv)
}
case 'p':
pidfile_path = optarg;
drop_privs++;
drop_privs = 1;
break;
case 'q':
quiet++;
break;
case 's':
socket_path = optarg;
drop_privs++;
drop_privs = 1;
break;
case 't':
do_type = UUIDD_OP_TIME_UUID;
drop_privs++;
drop_privs = 1;
break;
case 'T':
timeout = strtol(optarg, &tmp, 0);
@ -451,7 +460,7 @@ int main(int argc, char **argv)
break;
case 'r':
do_type = UUIDD_OP_RANDOM_UUID;
drop_privs++;
drop_privs = 1;
break;
default:
usage(argv[0]);
@ -460,15 +469,20 @@ int main(int argc, char **argv)
uid = getuid();
if (uid && drop_privs) {
gid = getgid();
#ifdef HAVE_SETRESUID
setresuid(uid, uid, uid);
#else
setreuid(uid, uid);
#endif
#ifdef HAVE_SETRESGID
setresgid(gid, gid, gid);
if (setresgid(gid, gid, gid) < 0)
die("setresgid");
#else
setregid(gid, gid);
if (setregid(gid, gid) < 0)
die("setregid");
#endif
#ifdef HAVE_SETRESUID
if (setresuid(uid, uid, uid) < 0)
die("setresuid");
#else
if (setreuid(uid, uid) < 0)
die("setreuid");
#endif
}
if (num && do_type) {