raster pushed a commit to branch master.

http://git.enlightenment.org/core/enlightenment.git/commit/?id=bb4a21e98656fe2c7d98ba2163e6defe9a630e2b

commit bb4a21e98656fe2c7d98ba2163e6defe9a630e2b
Author: Carsten Haitzler (Rasterman) <[email protected]>
Date:   Sat Nov 30 22:26:30 2013 +0900

    e_sys - address security concerns with environment and gdb
    
    1. clear out environment as best is possible before executing
    anything. especially PATH and IFS are set to minimal base defaults.
    also use clearenv() if available and unsetenv()
    
    2. remove gdb method as it's just too dangerous. run it as normal as
    the user and if the kernel / distro deny that - then sorry. too bad.
---
 configure.ac                |  2 ++
 data/etc/sysactions.conf.in | 15 ++++++-----
 src/bin/e_start_main.c      |  3 +--
 src/bin/e_sys_main.c        | 61 ++++++++++++++++++---------------------------
 4 files changed, 34 insertions(+), 47 deletions(-)

diff --git a/configure.ac b/configure.ac
index 859090e..420fcc0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -73,6 +73,8 @@ EFL_CHECK_PATH_MAX
 
 AC_CHECK_FUNCS(setenv)
 AC_CHECK_FUNCS(unsetenv)
+AC_CHECK_FUNCS(clearenv)
+AC_CHECK_HEADERS([features.h])
 
 efl_version="1.8.0"
 AC_SUBST(efl_version)
diff --git a/data/etc/sysactions.conf.in b/data/etc/sysactions.conf.in
index eccb4af..19520ff 100644
--- a/data/etc/sysactions.conf.in
+++ b/data/etc/sysactions.conf.in
@@ -43,15 +43,14 @@
 # user and group name can use glob matches (* == all for example) like the
 # shell. as can action names allowed or denied. 
 
-action:   halt      @HALT@
-action:   reboot    @REBOOT@
-action:   suspend   @SUSPEND@
-action:   hibernate @HIBERNATE@
-action:   /bin/mount /bin/mount
-action:   /bin/umount /bin/umount
+action:   halt           @HALT@
+action:   reboot         @REBOOT@
+action:   suspend        @SUSPEND@
+action:   hibernate      @HIBERNATE@
+action:   /bin/mount     /bin/mount
+action:   /bin/umount    /bin/umount
 action:   /usr/bin/eject /usr/bin/eject
-action:   gdb       gdb
-action:   l2ping    l2ping
+action:   l2ping         /usr/bin/l2ping
 
 # on FreeBSD use this instead of the above.
 #action suspend  /usr/sbin/zzz 
diff --git a/src/bin/e_start_main.c b/src/bin/e_start_main.c
index 2629155..64aa5d4 100644
--- a/src/bin/e_start_main.c
+++ b/src/bin/e_start_main.c
@@ -567,8 +567,7 @@ main(int argc, char **argv)
                               {
                                  /* call e_sys gdb */
                                  snprintf(buffer, 4096,
-                                          
"%s/enlightenment/utils/enlightenment_sys gdb %i %s/.e-crashdump.txt",
-                                          eina_prefix_lib_get(pfx),
+                                          "gdb %i %s/.e-crashdump.txt",
                                           child,
                                           home);
                                  r = system(buffer);
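Review bot: The new format string `"gdb %i %s/.e-crashdump.txt"` passes the pid and the dump path as bare positional arguments, so gdb will most likely treat the pid as an executable name and the path as a core file instead of attaching and writing a backtrace; the `--pid=`, `-batch` and `-ex` options that the removed gdb branch of e_sys_main.c used to add are lost. The command should carry those options itself, as sketched below. `home` is also pasted into a shell command line, so a home directory containing spaces or shell metacharacters changes what system() runs; the sketch keeps the single quotes the old code used, which still does not survive a quote character in the path. The comment `/* call e_sys gdb */` is stale and should read `/* run gdb directly as the user */`. main() starts and ends outside this hunk.

```c
/* run gdb directly as the user */
snprintf(buffer, 4096,
         "gdb --pid=%i "
         "-batch "
         "-ex 'set logging file %s/.e-crashdump.txt' "
         "-ex 'set logging on' "
         "-ex 'thread apply all backtrace full' "
         "-ex detach > /dev/null 2>&1 < /dev/zero",
         child,
         home);
/* … unchanged: r = system(buffer) … */
```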
diff --git a/src/bin/e_sys_main.c b/src/bin/e_sys_main.c
index baf018b..e833dac 100644
--- a/src/bin/e_sys_main.c
+++ b/src/bin/e_sys_main.c
@@ -1,5 +1,11 @@
 #include "config.h"
 
+#define __USE_MISC
+#define _SVID_SOURCE
+#ifdef HAVE_FEATURES_H
+# include <features.h>
+#endif
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
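Review bot: `#define __USE_MISC` sets a glibc-internal macro that <features.h> derives on its own from the feature-test macros (and resets when it is first included), so defining it by hand is not a supported way to get clearenv() declared, and the name is a reserved identifier. The public macros are enough: drop that line, keep `#define _SVID_SOURCE`, and add `#define _DEFAULT_SOURCE` for newer glibc releases where `_SVID_SOURCE` is deprecated. These definitions only take effect if config.h, which is included first, pulls in no system header; that cannot be checked from this hunk.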
@@ -53,7 +59,6 @@ main(int argc,
    const char *act;
 #endif
    gid_t gid, gl[65536], egid;
-   int pid = 0;
 
    for (i = 1; i < argc; i++)
      {
@@ -75,21 +80,6 @@ main(int argc,
              test = 1;
              action = argv[2];
           }
-        else if (!strcmp(argv[1], "gdb"))
-          {
-             if (argc != 4) exit(1);
-             char *end = NULL;
-
-             action = argv[1];
-             pid = strtoul(argv[2], &end, 10);
-             if (end == NULL || *end != '\0')
-               {
-                  printf("Invalid pid for '%s'.\n", argv[3]);
-                  exit(0);
-               }
-
-             output = argv[3];
-          }
        else if (!strcmp(argv[1], "l2ping"))
          {
             action = argv[1];
@@ -161,27 +151,7 @@ main(int argc,
         exit(20);
      }
 
-   if (!strcmp(action, "gdb"))
-     {
-        char buffer[4096];
-        int r;
-
-        snprintf(buffer, 4096,
-                 "%s --pid=%i "
-                 "-batch "
-                 "-ex 'set logging file %s' "
-                 "-ex 'set logging on' "
-                 "-ex 'thread apply all backtrace full' "
-                 "-ex detach > /dev/null 2>&1 < /dev/zero",
-                 cmd,
-                 pid,
-                 output ?: "e-output.txt");
-
-        r = system(buffer);
-
-        exit(WEXITSTATUS(r));
-     }
-   else if (!test && !strcmp(action, "l2ping"))
+   if (!test && !strcmp(action, "l2ping"))
      {
         char tmp[128];
        double latency;
@@ -193,6 +163,23 @@ main(int argc,
 
        return (latency < 0) ? 1 : 0;
      }
+   /* sanitize environment */
+#ifdef HAVE_UNSETENV
+# define NOENV(x) unsetenv(x)
+#else
+# define NOENV(x)
+#endif
+   NOENV("IFS");
+   NOENV("LD_PRELOAD");
+   NOENV("PYTHONPATH");
+   NOENV("LD_LIBRARY_PATH");
+#ifdef HAVE_CLEARENV
+     clearenv();
+#endif
+   /* set path and ifs to minimal defaults */
+   putenv("PATH=/bin:/usr/bin");
+   putenv("IFS= \t\n");
+
    if ((!test)
 #ifdef HAVE_EEZE_MOUNT
        && (!mnt)
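Review bot: Where `HAVE_CLEARENV` is not defined, the block under `/* sanitize environment */` is a four-name denylist (`IFS`, `LD_PRELOAD`, `PYTHONPATH`, `LD_LIBRARY_PATH`), and with `HAVE_UNSETENV` also missing `NOENV(x)` expands to nothing, so every other inherited variable still reaches the commands run afterwards. An allowlist is safer: give the `#ifdef HAVE_CLEARENV` block an `#else` branch that empties the environment, for example `environ = NULL;` with `extern char **environ;` declared, which the clearenv(3) manual page suggests as the substitute. The return values of clearenv() and putenv() are ignored; a failure here should stop the program, e.g. `if (putenv("PATH=/bin:/usr/bin")) exit(1);`. Code earlier in main(), outside this hunk, runs before this point with the caller's environment, so it is worth confirming that nothing is executed there.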

-- 

