rvandegrift
/
efl
forked from enlightenment/efl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

setuid safeness - ensure if an app that is setuid doesn't do bad things 

this makes efl ignore certain env vars for thnigs and entirely removes
user modules (that no one ever used) etc. etc. to ensure that *IF* an
app is setuid, there isn't a priv escalation path that is easy.
This commit is contained in:
Carsten Haitzler 2014-01-08 20:32:27 +09:00
parent a7a8b257c2
commit 430f98a628
5 changed files with 87 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
legacy/elementary/src/lib/elm_cnp.c
View File

@ -3508,13 +3508,13 @@ _tempfile_new(int size)
{
#ifdef HAVE_MMAN_H
Tmp_Info *info;
const char *tmppath;
const char *tmppath = NULL;
mode_t cur_umask;
int len;
info = calloc(1, sizeof(Tmp_Info));
if (!info) return NULL;
tmppath = getenv("TMP");
if (getuid() == getuid()) tmppath = getenv("TMP");
if (!tmppath) tmppath = P_tmpdir;
len = snprintf(NULL, 0, "%s/%sXXXXXX", tmppath, "elmcnpitem-");
if (len < 0) goto on_error;

81
legacy/elementary/src/lib/elm_config.c
View File

@ -8,6 +8,7 @@
#include <Elementary.h>
#include "elm_priv.h"
#include <pwd.h>
EAPI int ELM_EVENT_CONFIG_ALL_CHANGED = 0;
@ -508,7 +509,7 @@ _elm_config_user_dir_snprintf(char *dst,
...)
{
const char *home = NULL;
size_t user_dir_len, off;
size_t user_dir_len = 0, off = 0;
va_list ap;
#ifdef _WIN32
@ -517,28 +518,47 @@ _elm_config_user_dir_snprintf(char *dst,
(dst, size, '/', home, strlen(home),
ELEMENTARY_BASE_DIR, sizeof(ELEMENTARY_BASE_DIR) - 1);
#else
#ifdef DOXDG
home = getenv("XDG_CONFIG_HOME");
if (home)
if (getuid() == getuid())
{
user_dir_len = eina_str_join_len
(dst, size, '/', home, strlen(home),
"elementary", sizeof("elementary") - 1);
#ifdef DOXDG
home = getenv("XDG_CONFIG_HOME");
if (home)
{
user_dir_len = eina_str_join_len
(dst, size, '/', home, strlen(home),
"elementary", sizeof("elementary") - 1);
}
else
#endif
{
home = getenv("HOME");
if (!home) home = "/";
#ifdef DOXDG
user_dir_len = eina_str_join_len
(dst, size, '/', home, strlen(home),
".config", sizeof(".config") - 1,
"elementary", sizeof("elementary") - 1);
#else
user_dir_len = eina_str_join_len
(dst, size, '/', home, strlen(home),
ELEMENTARY_BASE_DIR, sizeof(ELEMENTARY_BASE_DIR) - 1);
#endif
}
}
else
#endif
{
home = getenv("HOME");
if (!home) home = "/";
struct passwd *pw = getpwent();
if ((!pw) || (!pw->pw_dir)) goto end;
#ifdef DOXDG
user_dir_len = eina_str_join_len
(dst, size, '/', home, strlen(home),
".config", sizeof(".config") - 1,
"elementary", sizeof("elementary") - 1);
(dst, size, '/', pw->pw_dir, strlen(pw->pw_dir),
".config", sizeof(".config") - 1,
"elementary", sizeof("elementary") - 1);
#else
user_dir_len = eina_str_join_len
(dst, size, '/', home, strlen(home),
ELEMENTARY_BASE_DIR, sizeof(ELEMENTARY_BASE_DIR) - 1);
(dst, size, '/', pw->pw_dir, strlen(pw->pw_dir),
ELEMENTARY_BASE_DIR, sizeof(ELEMENTARY_BASE_DIR) - 1);
#endif
}
#endif
@ -872,6 +892,11 @@ _profile_fetch_from_conf(void)
if (s)
{
_elm_profile = strdup(s);
if (_elm_profile)
{
p = strchr(_elm_profile, '/');
if (p) *p = 0;
}
return;
}
@ -884,10 +909,16 @@ _profile_fetch_from_conf(void)
if (p)
{
_elm_profile = malloc(len + 1);
memcpy(_elm_profile, p, len);
_elm_profile[len] = 0;
free(p);
if (_elm_profile)
{
memcpy(_elm_profile, p, len);
_elm_profile[len] = 0;
free(p);
}
else free(p);
eet_close(ef);
p = strchr(_elm_profile, '/');
if (p) *p = 0;
return;
}
eet_close(ef);
@ -902,10 +933,16 @@ _profile_fetch_from_conf(void)
if (p)
{
_elm_profile = malloc(len + 1);
memcpy(_elm_profile, p, len);
_elm_profile[len] = 0;
free(p);
if (_elm_profile)
{
memcpy(_elm_profile, p, len);
_elm_profile[len] = 0;
free(p);
}
else free(p);
eet_close(ef);
p = strchr(_elm_profile, '/');
if (p) *p = 0;
return;
}
eet_close(ef);
@ -2538,6 +2575,8 @@ _elm_config_sub_init(void)
}
_elm_profile = s;
if (changed) _prop_config_get();
s = strchr(_elm_profile, '/');
if (s) *s = 0;
}
}
}

18
legacy/elementary/src/lib/elm_conform.c
View File

@ -309,6 +309,11 @@ _port_indicator_connect_cb(void *data)
sd->port_indi_timer = NULL;
return ECORE_CALLBACK_CANCEL;
}
if (strchr(indicator_serv_name, '/'))
{
sd->port_indi_timer = NULL;
return ECORE_CALLBACK_CANCEL;
}
if (elm_plug_connect(sd->portrait_indicator, indicator_serv_name, 0, EINA_FALSE))
{
DBG("Conformant connect to server[%s]\n", indicator_serv_name);
@ -339,6 +344,11 @@ _land_indicator_connect_cb(void *data)
sd->land_indi_timer = NULL;
return ECORE_CALLBACK_CANCEL;
}
if (strchr(indicator_serv_name, '/'))
{
sd->port_indi_timer = NULL;
return ECORE_CALLBACK_CANCEL;
}
if (elm_plug_connect(sd->landscape_indicator, indicator_serv_name, 0, EINA_FALSE))
{
DBG("Conformant connect to server[%s]\n", indicator_serv_name);
@ -386,6 +396,10 @@ _create_portrait_indicator(Evas_Object *obj)
DBG("Conformant cannot get portrait indicator service name\n");
return NULL;
}
if (strchr(port_indicator_serv_name, '/'))
{
return NULL;
}
port_indicator = elm_plug_add(obj);
if (!port_indicator)
@ -423,6 +437,10 @@ _create_landscape_indicator(Evas_Object *obj)
DBG("Conformant cannot get portrait indicator service name\n");
return NULL;
}
if (strchr(land_indicator_serv_name, '/'))
{
return NULL;
}
land_indicator = elm_plug_add(obj);
if (!land_indicator)

47
legacy/elementary/src/lib/elm_module.c
View File

@ -122,55 +122,10 @@ _elm_module_find_as(const char *as)
Eina_Bool
_elm_module_load(Elm_Module *m)
{
const char *home;
char buf[PATH_MAX];
if (m->module) return EINA_TRUE;
home = getenv("HOME");
if (home)
{
snprintf(buf, sizeof(buf),
"%s/"ELEMENTARY_BASE_DIR "/modules/%s/%s/module"
EFL_SHARED_EXTENSION, home, m->name, MODULE_ARCH);
m->module = eina_module_new(buf);
if ((m->module) && (eina_module_load(m->module) == EINA_TRUE))
{
m->init_func =
eina_module_symbol_get(m->module, "elm_modapi_init");
if (m->init_func)
{
m->shutdown_func =
eina_module_symbol_get(m->module, "elm_modapi_shutdown");
m->so_path = eina_stringshare_add(buf);
snprintf(buf, sizeof(buf),
"%s/"ELEMENTARY_BASE_DIR "/modules/%s/%s",
home, m->name, MODULE_ARCH);
m->bin_dir = eina_stringshare_add(buf);
snprintf(buf, sizeof(buf),
"%s/"ELEMENTARY_BASE_DIR "/modules/%s",
home, m->name);
m->data_dir = eina_stringshare_add(buf);
}
else
{
if (m->module)
{
eina_module_unload(m->module);
eina_module_free(m->module);
m->module = NULL;
}
return EINA_FALSE;
}
}
else if (m->module)
{
eina_module_free(m->module);
m->module = NULL;
}
}
if (m->module) return EINA_TRUE;
if (strchr(m->name, '/')) return EINA_FALSE;
snprintf(buf, sizeof(buf),
"%s/elementary/modules/%s/%s/module"EFL_SHARED_EXTENSION,

9
legacy/elementary/src/lib/elm_url.c
View File

@ -98,9 +98,12 @@ elm_url_download(const char *url, Elm_Url_Done done_cb, Elm_Url_Cancel cancel_cb
target = ecore_con_url_new(url);
if (!target) goto on_error;
if (getenv("http_proxy")) ecore_con_url_proxy_set(target, getenv("http_proxy"));
if (getenv("https_proxy")) ecore_con_url_proxy_set(target, getenv("https_proxy"));
if (getenv("ftp_proxy")) ecore_con_url_proxy_set(target, getenv("ftp_proxy"));
if (getuid() == getuid())
{
if (getenv("http_proxy")) ecore_con_url_proxy_set(target, getenv("http_proxy"));
if (getenv("https_proxy")) ecore_con_url_proxy_set(target, getenv("https_proxy"));
if (getenv("ftp_proxy")) ecore_con_url_proxy_set(target, getenv("ftp_proxy"));
}
r = malloc(sizeof (Elm_Url));
if (!r) goto on_error;