common/security.h | 4 ++-- kit/ForKit.cpp | 17 +++++++++++++++-- wsd/LOOLWSD.cpp | 10 ++++++++++ wsd/LOOLWSD.hpp | 1 + 4 files changed, 28 insertions(+), 4 deletions(-)
New commits: commit eb88cb485c9b3a24248f0b8c5eec81f7d3d28d91 Author: Jan Holesovsky <ke...@collabora.com> AuthorDate: Thu Apr 23 20:01:04 2020 +0200 Commit: Jan Holesovsky <ke...@collabora.com> CommitDate: Fri Apr 24 20:58:43 2020 +0200 Allow running the production build under a non-lool user when necessary. But it is insecure, so warn about that. Change-Id: I151be64f53521e217a5498c0531c9ef2ff8db818 Reviewed-on: https://gerrit.libreoffice.org/c/online/+/92822 Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoff...@gmail.com> Reviewed-by: Jan Holesovsky <ke...@collabora.com> diff --git a/common/security.h b/common/security.h index f6c0bf258..0fd0a691b 100644 --- a/common/security.h +++ b/common/security.h @@ -34,8 +34,8 @@ static int hasCorrectUID(const char *appName) return 1; else { fprintf(stderr, "Error: %s incorrect user-name: %s - aborting\n", - appName, pw && pw->pw_name ? pw->pw_name : "<null>"); - return 0; + appName, pw && pw->pw_name ? pw->pw_name : "<null>"); + return 0; } #endif } diff --git a/kit/ForKit.cpp b/kit/ForKit.cpp index 993794bc7..c3c672c68 100644 --- a/kit/ForKit.cpp +++ b/kit/ForKit.cpp @@ -398,7 +398,20 @@ static void printArgumentHelp() int main(int argc, char** argv) { - if (!hasCorrectUID("loolforkit")) + // early check for avoiding the security check for username 'lool' + // (deliberately only this, not moving the entire parameter parsing here) + bool checkLoolUser = true; + for (int i = 0; i < argc; ++i) + { + char *cmd = argv[i]; + if (std::strstr(cmd, "--disable-lool-user-checking") == cmd) + { + std::cerr << "Security: Check for the 'lool' username overridden on the command line." << std::endl; + checkLoolUser = false; + } + } + + if (checkLoolUser && !hasCorrectUID("loolforkit")) { return EX_SOFTWARE; } @@ -526,7 +539,7 @@ int main(int argc, char** argv) // we are running without seccomp protection else if (std::strstr(cmd, "--noseccomp") == cmd) { - LOG_ERR("Security :Running without the ability to filter system calls is ill advised."); + LOG_ERR("Security: Running without the ability to filter system calls is ill advised."); NoSeccomp = true; } } diff --git a/wsd/LOOLWSD.cpp b/wsd/LOOLWSD.cpp index c34c2c315..7302b3c6c 100644 --- a/wsd/LOOLWSD.cpp +++ b/wsd/LOOLWSD.cpp @@ -728,6 +728,7 @@ std::string LOOLWSD::ConfigFile = LOOLWSD_CONFIGDIR "/loolwsd.xml"; std::string LOOLWSD::ConfigDir = LOOLWSD_CONFIGDIR "/conf.d"; std::string LOOLWSD::LogLevel = "trace"; bool LOOLWSD::AnonymizeUserData = false; +bool LOOLWSD::CheckLoolUser = true; #if ENABLE_SSL Util::RuntimeConstant<bool> LOOLWSD::SSLEnabled; Util::RuntimeConstant<bool> LOOLWSD::SSLTermination; @@ -1422,6 +1423,10 @@ void LOOLWSD::defineOptions(OptionSet& optionSet) .required(false) .repeatable(false)); + optionSet.addOption(Option("disable-lool-user-checking", "", "Don't check whether loolwsd is running under the user 'lool'. NOTE: This is insecure, use only when you know what you are doing!") + .required(false) + .repeatable(false)); + optionSet.addOption(Option("override", "o", "Override any setting by providing full xmlpath=value.") .required(false) .repeatable(true) @@ -1482,6 +1487,8 @@ void LOOLWSD::handleOption(const std::string& optionName, ClientPortNumber = std::stoi(value); else if (optionName == "disable-ssl") _overrideSettings["ssl.enable"] = "false"; + else if (optionName == "disable-lool-user-checking") + CheckLoolUser = false; else if (optionName == "override") { std::string optName; @@ -1740,6 +1747,9 @@ bool LOOLWSD::createForKit() if (NoSeccomp) args.push_back("--noseccomp"); + if (!CheckLoolUser) + args.push_back("--disable-lool-user-checking"); + #if ENABLE_DEBUG if (SingleKit) args.push_back("--singlekit"); diff --git a/wsd/LOOLWSD.hpp b/wsd/LOOLWSD.hpp index 313cd3ca6..bdac020fa 100644 --- a/wsd/LOOLWSD.hpp +++ b/wsd/LOOLWSD.hpp @@ -246,6 +246,7 @@ public: static std::string HostIdentifier; ///< A unique random hash that identifies this server static std::string LogLevel; static bool AnonymizeUserData; + static bool CheckLoolUser; static std::atomic<unsigned> NumConnections; static std::unique_ptr<TraceFileWriter> TraceDumper; #if !MOBILEAPP _______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits