authorCarsten Haitzler (Rasterman) <raster@rasterman.com>2013-11-30 22:26:30 +0900
committerCarsten Haitzler (Rasterman) <raster@rasterman.com>2013-11-30 22:26:30 +0900
commitbb4a21e98656fe2c7d98ba2163e6defe9a630e2b (patch)
tree7cb4b643760be6b800df0fd9aa327ae188bfaa9c
parent8803e7fed2ffd67981d0fc517c73ad9ae9ca2eb9 (diff)
e_sys - address security concerns with environment and gdb
1. clear out environment as best is possible before executing anything. especially PATH and IFS are set to minimal base defaults. also use clearenv() if available and unsetenv() 2. remove gdb method as it's just too dangerous. run it as normal as the user and if the kernel / distro deny that - then sorry. too bad.
-rw-r--r--configure.ac2
-rw-r--r--data/etc/sysactions.conf.in15
-rw-r--r--src/bin/e_start_main.c3
-rw-r--r--src/bin/e_sys_main.c61
4 files changed, 34 insertions, 47 deletions
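diff --git a/configure.ac b/configure.ac
index 859090e10..420fcc099 100644
--- a/configure.ac
+++ b/configure.ac
@@ -73,6 +73,8 @@ EFL_CHECK_PATH_MAX
 
 AC_CHECK_FUNCS(setenv)
 AC_CHECK_FUNCS(unsetenv)
+AC_CHECK_FUNCS(clearenv)
+AC_CHECK_HEADERS([features.h])
 
 efl_version="1.8.0"
 AC_SUBST(efl_version)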
diff --git a/data/etc/sysactions.conf.in b/data/etc/sysactions.conf.in
index eccb4af56..19520ff2c 100644
--- a/data/etc/sysactions.conf.in
+++ b/data/etc/sysactions.conf.in
@@ -43,15 +43,14 @@
43# user and group name can use glob matches (* == all for example) like the 43# user and group name can use glob matches (* == all for example) like the
44# shell. as can action names allowed or denied. 44# shell. as can action names allowed or denied.
45 45
46action: halt @HALT@ 46action: halt @HALT@
47action: reboot @REBOOT@ 47action: reboot @REBOOT@
48action: suspend @SUSPEND@ 48action: suspend @SUSPEND@
49action: hibernate @HIBERNATE@ 49action: hibernate @HIBERNATE@
50action: /bin/mount /bin/mount 50action: /bin/mount /bin/mount
51action: /bin/umount /bin/umount 51action: /bin/umount /bin/umount
52action: /usr/bin/eject /usr/bin/eject 52action: /usr/bin/eject /usr/bin/eject
53action: gdb gdb 53action: l2ping /usr/bin/l2ping
54action: l2ping l2ping
55 54
56# on FreeBSD use this instead of the above. 55# on FreeBSD use this instead of the above.
57#action suspend /usr/sbin/zzz 56#action suspend /usr/sbin/zzz
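diff --git a/src/bin/e_start_main.c b/src/bin/e_start_main.c
index 26291556a..64aa5d4c7 100644
--- a/src/bin/e_start_main.c
+++ b/src/bin/e_start_main.c
@@ -567,8 +567,7 @@ main(int argc, char **argv)
  {
  /* call e_sys gdb */
  snprintf(buffer, 4096,
- "%s/enlightenment/utils/enlightenment_sys gdb %i %s/.e-crashdump.txt",
- eina_prefix_lib_get(pfx),
+ "gdb %i %s/.e-crashdump.txt",
  child,
  home);
  r = system(buffer);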
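Review bot: The new format string `"gdb %i %s/.e-crashdump.txt"` still follows the argument convention of the removed enlightenment_sys wrapper, so gdb is started with a bare pid and a file name and without the `--pid=`, `-batch` and `-ex` options that the block deleted from e_sys_main.c used to supply; as written it presumably no longer writes the crash dump. Those options should move into this snprintf() call, as in the fence below. `home` is also interpolated unquoted into a string handed to system(), so a home path containing spaces or shell metacharacters changes the command; quoting it, or running gdb through an exec-style call with an explicit argv, would avoid that. main() starts and ends outside this hunk.

```c
/* call gdb directly as the user */
snprintf(buffer, 4096,
         "gdb --pid=%i "
         "-batch "
         "-ex 'set logging file %s/.e-crashdump.txt' "
         "-ex 'set logging on' "
         "-ex 'thread apply all backtrace full' "
         "-ex detach > /dev/null 2>&1 < /dev/zero",
         child,
         home);
/* … unchanged: r = system(buffer); … */
```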
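diff --git a/src/bin/e_sys_main.c b/src/bin/e_sys_main.c
index baf018bf8..e833dac8e 100644
--- a/src/bin/e_sys_main.c
+++ b/src/bin/e_sys_main.c
@@ -1,5 +1,11 @@
 #include "config.h"
 
+#define __USE_MISC
+#define _SVID_SOURCE
+#ifdef HAVE_FEATURES_H
+# include <features.h>
+#endif
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
@@ -53,7 +59,6 @@ main(int argc,
  const char *act;
 #endif
  gid_t gid, gl[65536], egid;
- int pid = 0;
 
  for (i = 1; i < argc; i++)
  {
@@ -75,21 +80,6 @@ main(int argc,
  test = 1;
  action = argv[2];
  }
- else if (!strcmp(argv[1], "gdb"))
- {
- if (argc != 4) exit(1);
- char *end = NULL;
-
- action = argv[1];
- pid = strtoul(argv[2], &end, 10);
- if (end == NULL || *end != '\0')
- {
- printf("Invalid pid for '%s'.\n", argv[3]);
- exit(0);
- }
-
- output = argv[3];
- }
  else if (!strcmp(argv[1], "l2ping"))
  {
  action = argv[1];
@@ -161,27 +151,7 @@ main(int argc,
  exit(20);
  }
 
- if (!strcmp(action, "gdb"))
- {
- char buffer[4096];
- int r;
-
- snprintf(buffer, 4096,
- "%s --pid=%i "
- "-batch "
- "-ex 'set logging file %s' "
- "-ex 'set logging on' "
- "-ex 'thread apply all backtrace full' "
- "-ex detach > /dev/null 2>&1 < /dev/zero",
- cmd,
- pid,
- output ?: "e-output.txt");
-
- r = system(buffer);
-
- exit(WEXITSTATUS(r));
- }
- else if (!test && !strcmp(action, "l2ping"))
+ if (!test && !strcmp(action, "l2ping"))
  {
  char tmp[128];
  double latency;
@@ -193,6 +163,23 @@ main(int argc,
 
  return (latency < 0) ? 1 : 0;
  }
+ /* sanitize environment */
+#ifdef HAVE_UNSETENV
+# define NOENV(x) unsetenv(x)
+#else
+# define NOENV(x)
+#endif
+ NOENV("IFS");
+ NOENV("LD_PRELOAD");
+ NOENV("PYTHONPATH");
+ NOENV("LD_LIBRARY_PATH");
+#ifdef HAVE_CLEARENV
+ clearenv();
+#endif
+ /* set path and ifs to minimal defaults */
+ putenv("PATH=/bin:/usr/bin");
+ putenv("IFS= \t\n");
+
  if ((!test)
 #ifdef HAVE_EEZE_MOUNT
  && (!mnt)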
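Review bot: The environment scrub added at new lines 166-181 fails open: when HAVE_CLEARENV is not defined only the four names passed to NOENV() are removed (none if unsetenv() is missing as well), and the return values of clearenv() and putenv() are ignored, so whatever is executed afterwards can still inherit caller-controlled variables. For a helper that, judging by the gid/egid handling, runs with elevated privileges, I would abort on failure, e.g. `if (clearenv() != 0) exit(1);` and `if (putenv("PATH=/bin:/usr/bin") != 0) exit(1);`, and treat a build without clearenv() as needing an explicit allow-list rather than a short deny-list. The block also sits after the l2ping branch, which returns before it is reached; whether e_sys_l2ping() spawns anything is not visible here. main() starts and ends outside this hunk.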