From f0da65c408fa2c8a776d91733fde94f10c63147f Mon Sep 17 00:00:00 2001
From: Jan Cybulski
Date: Fri, 18 Jul 2014 10:56:11 +0200
Subject: Register only directories inside user's HOME
Change-Id: I546ba542dea481db2efebb24bbe03e5cd87d7220
Signed-off-by: Jan Cybulski
---
 src/server/service/installer.cpp | 38 ++++++++++++++++++++++++++++++++++----
 1 file changed, 34 insertions(+), 4 deletions(-)
diff --git a/src/server/service/installer.cpp b/src/server/service/installer.cpp
index 6451dc8e..286fce69 100644
--- a/src/server/service/installer.cpp
+++ b/src/server/service/installer.cpp
@@ -29,6 +29,9 @@
 #include
 #include
 #include
+#include
+#include
+#include
 #include "installer.h"
 #include "protocols.h"
@@ -177,12 +180,39 @@ bool InstallerService::processOne(const ConnectionID &conn, MessageBuffer &buffe
 static inline bool installRequestAuthCheck(const app_inst_req &req, uid_t uid)
 {
- for (const auto &appPath : req.appPaths) {
- app_install_path_type pathType = static_cast(appPath.second);
- if (pathType == SECURITY_MANAGER_PATH_PUBLIC && uid != 0) {
- LogDebug("Only root can register SECURITY_MANAGER_PATH_PUBLIC path");
+ struct passwd *pwd;
+ char buffer[PATH_MAX];
+ do {
+ errno = 0;
+ pwd = getpwuid(uid);
+ if (!pwd && errno != EINTR) {
+ LogError("getpwuid failed with '" << uid << "' as paramter: " << strerror(errno));
 return false;
 }
+ } while (!pwd);
+
+ for (const auto &appPath : req.appPaths) {
+
+ if (uid != 0) {
+ char *real_path = realpath(appPath.first.c_str(), buffer);
+ if (!real_path) {
+ LogError("realpath failed with '" << appPath.first.c_str()
+ << "' as paramter: " << strerror(errno));
+ return false;
+ }
+ LogDebug("Requested path is '" << appPath.first.c_str()
+ << "'. User's HOME is '" << pwd->pw_dir << "'");
+ if (strncmp(pwd->pw_dir, real_path, strlen(pwd->pw_dir))!=0) {
+ LogWarning("User's apps may have registered folders only in user's home dir");
+ return false;
+ }
+
+ app_install_path_type pathType = static_cast(appPath.second);
+ if (pathType == SECURITY_MANAGER_PATH_PUBLIC) {
+ LogWarning("Only root can register SECURITY_MANAGER_PATH_PUBLIC path");
+ return false;
+ }
+ }
 }
 return true;
 }
--
cgit v1.2.3
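Review bot: The home-directory test in the added `strncmp(pwd->pw_dir, real_path, strlen(pwd->pw_dir))` is a plain string-prefix match, so a canonical path like `/home/alice2/app` is accepted for a user whose `pw_dir` is `/home/alice` (constructed example); nothing requires the match to end on a path-component boundary. `pw_dir` is also compared as-is while `real_path` comes from `realpath()`, so a home that is a symlink or ends in a slash will not compare as intended. I would canonicalise the home once before the loop and require the character after the prefix to be `/` or NUL, as sketched below. Separately, `getpwuid()` returns a pointer to static storage, so `getpwuid_r()` would be the safer call if this service handles requests on more than one thread, which the hunk does not show.

```cpp
    // … unchanged: getpwuid() retry loop …
    char home[PATH_MAX] = "";
    size_t homeLen = 0;
    if (uid != 0) {
        // Canonicalise HOME the same way as the requested path so both sides compare alike.
        if (!realpath(pwd->pw_dir, home)) {
            LogError("realpath failed with '" << pwd->pw_dir
                    << "' as parameter: " << strerror(errno));
            return false;
        }
        homeLen = strlen(home);
    }

    for (const auto &appPath : req.appPaths) {
        // … unchanged: uid check, realpath() of appPath.first, LogDebug …
            // Accept only HOME itself or a path below it: the prefix must end on a component boundary.
            if (strncmp(home, real_path, homeLen) != 0
                    || (real_path[homeLen] != '/' && real_path[homeLen] != '\0')) {
                // … unchanged: LogWarning and return false …
        // … unchanged: SECURITY_MANAGER_PATH_PUBLIC check …
```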