Any paths on the system which are world-writable are insecure and should
not be used for loading drivers. Therefore check each driver path before
loading it and error out on insecure ones.

Signed-off-by: Bruce Richardson <bruce.richard...@intel.com>
---
 lib/librte_eal/common/eal_common_options.c | 75 ++++++++++++++++++++--
 1 file changed, 69 insertions(+), 6 deletions(-)

diff --git a/lib/librte_eal/common/eal_common_options.c 
b/lib/librte_eal/common/eal_common_options.c
index 7aef6df4c..2a62a1342 100644
--- a/lib/librte_eal/common/eal_common_options.c
+++ b/lib/librte_eal/common/eal_common_options.c
@@ -15,6 +15,7 @@
 #include <getopt.h>
 #ifndef RTE_EXEC_ENV_WINDOWS
 #include <dlfcn.h>
+#include <libgen.h>
 #endif
 #include <sys/types.h>
 #include <sys/stat.h>
@@ -368,10 +369,74 @@ eal_plugindir_init(const char *path)
        return (dent == NULL) ? 0 : -1;
 }
 
+#ifdef RTE_EXEC_ENV_WINDOWS
+int
+eal_plugins_init(void)
+{
+       return 0;
+}
+#else
+
+static int
+verify_perms(const char *dirpath)
+{
+       struct stat st;
+
+       /* if not root, check down one level first */
+       if (strcmp(dirpath, "/") != 0) {
+               char copy[PATH_MAX];
+
+               strlcpy(copy, dirpath, PATH_MAX);
+               if (verify_perms(dirname(copy)) != 0)
+                       return -1;
+       }
+
+       /* call stat to check for permissions and ensure not world writable */
+       if (stat(dirpath, &st) != 0) {
+               RTE_LOG(ERR, EAL, "Error with stat on %s, %s\n",
+                               dirpath, strerror(errno));
+               return -1;
+       }
+       if (st.st_mode & S_IWOTH) {
+               RTE_LOG(ERR, EAL,
+                               "Error, directory path %s is world-writable and 
insecure\n",
+                               dirpath);
+               return -1;
+       }
+
+       return 0;
+}
+
+static void *
+eal_dlopen(const char *pathname)
+{
+       void *retval = NULL;
+       char *realp = realpath(pathname, NULL);
+
+       if (realp == NULL) {
+               RTE_LOG(ERR, EAL, "Error with realpath, %s\n", strerror(errno));
+               goto out;
+       }
+       if (strnlen(realp, PATH_MAX) == PATH_MAX) {
+               RTE_LOG(ERR, EAL, "Error, driver path greater than PATH_MAX\n");
+               goto out;
+       }
+
+       /* do permissions checks */
+       if (verify_perms(realp) != 0)
+               goto out;
+
+       retval = dlopen(realp, RTLD_NOW);
+       if (retval == NULL)
+               RTE_LOG(ERR, EAL, "%s\n", dlerror());
+out:
+       free(realp);
+       return retval;
+}
+
 int
 eal_plugins_init(void)
 {
-#ifndef RTE_EXEC_ENV_WINDOWS
        struct shared_driver *solib = NULL;
        struct stat sb;
 
@@ -391,17 +456,15 @@ eal_plugins_init(void)
                } else {
                        RTE_LOG(DEBUG, EAL, "open shared lib %s\n",
                                solib->name);
-                       solib->lib_handle = dlopen(solib->name, RTLD_NOW);
-                       if (solib->lib_handle == NULL) {
-                               RTE_LOG(ERR, EAL, "%s\n", dlerror());
+                       solib->lib_handle = eal_dlopen(solib->name);
+                       if (solib->lib_handle == NULL)
                                return -1;
-                       }
                }
 
        }
        return 0;
-#endif
 }
+#endif
 
 /*
  * Parse the coremask given as argument (hexadecimal string) and fill
-- 
2.25.1

Reply via email to