Commit 149a3df1 authored by David Zeuthen's avatar David Zeuthen

fix issue where users allowed to change defaults can delete override files

More details at

 https://bugzilla.novell.com/show_bug.cgi?id=295341#c25
parent 99310128
==========
PolicyKit 0.8 ""
==========
NOTE NOTE NOTE: The permissions and modes of certain files has changed
since PolicyKit 0.7. Make sure to update your spec files
to reflect this. See the output of configure for details.
==========
PolicyKit 0.7 "Common sense ain't common"
==========
......
......@@ -617,10 +617,13 @@ if test "${POLKIT_AUTHDB}" = default ; then
echo " owned by group ${POLKIT_GROUP} and will be mode 770."
echo
echo "NOTE: The directory ${localstatedir}/run/PolicyKit-public will be"
echo " owned by group ${POLKIT_GROUP} and will be mode 775."
echo " owned by user ${POLKIT_USER} and will be mode 755."
echo
echo "NOTE: The file ${localstatedir}/lib/misc/PolicyKit.reload will be"
echo " owned by user ${POLKIT_USER} and group ${POLKIT_GROUP} and will be mode 775."
echo
echo "NOTE: ${libexecdir}/polkit-set-default-helper will be owned by"
echo " group ${POLKIT_GROUP} and installed with mode 2755 (setgid binary)."
echo " user ${POLKIT_USER} and installed with mode 4755 (setuid binary)."
echo
echo "NOTE: ${libexecdir}/polkit-read-auth-helper will be owned by"
echo " group ${POLKIT_GROUP} and installed with mode 2755 (setgid binary)."
......
......@@ -50,8 +50,8 @@ polkit_set_default_helper_LDADD = $(top_builddir)/src/polkit/libpolkit.la libpol
# to read authorization files in /var/lib/PolicyKit and
# /var/run/PolicyKit
#
# polkit-set-default-helper needs to be setgid $POLKIT_GROUP to be able
# to write .override files in /var/lib/PolicyKit-public
# polkit-set-default-helper needs to be setuid $POLKIT_USER to be able
# to write .defaults-override files in /var/lib/PolicyKit-public
#
# polkit-resolve-exe-helper needs to be setuid root to be able to resolve
# /proc/$pid/exe symlinks.
......@@ -59,8 +59,8 @@ polkit_set_default_helper_LDADD = $(top_builddir)/src/polkit/libpolkit.la libpol
install-exec-hook:
-chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-read-auth-helper
-chmod 2755 $(DESTDIR)$(libexecdir)/polkit-read-auth-helper
-chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-set-default-helper
-chmod 2755 $(DESTDIR)$(libexecdir)/polkit-set-default-helper
-chown $(POLKIT_USER) $(DESTDIR)$(libexecdir)/polkit-set-default-helper
-chmod 4755 $(DESTDIR)$(libexecdir)/polkit-set-default-helper
-chmod 4755 $(DESTDIR)$(libexecdir)/polkit-resolve-exe-helper
else
install-exec-hook:
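Review bot: The new `-chmod 4755` on polkit-set-default-helper runs whether or not the preceding `-chown $(POLKIT_USER)` succeeded, because each recipe line is its own shell and the leading `-` swallows the chown failure; if `make install` runs as root on a host where $(POLKIT_USER) has not been created yet, the helper stays root-owned and is installed setuid root instead of setuid polkituser. Chaining the two on one line, `-chown $(POLKIT_USER) $(DESTDIR)$(libexecdir)/polkit-set-default-helper && chmod 4755 $(DESTDIR)$(libexecdir)/polkit-set-default-helper`, keeps the best-effort install but only raises the setuid bit on a correctly owned file. The euid check added to main in this commit would make such a binary refuse to run, but a setuid-root file on disk is still worth avoiding. The same pattern applies to the pre-existing read-auth-helper and resolve-exe-helper lines here and to the chown/chmod pairs in the install-data-local hunk of the other Makefile.am in this commit.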
......
......@@ -69,7 +69,7 @@ set_default (const char *action_id, const char *any, const char *inactive, const
contents = NULL;
ret = FALSE;
path = kit_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit-public/%s.override", action_id);
path = kit_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit-public/%s.defaults-override", action_id);
if (path == NULL)
goto out;
......@@ -78,7 +78,7 @@ set_default (const char *action_id, const char *any, const char *inactive, const
if (contents == NULL)
goto out;
if (!kit_file_set_contents (path, 0464, contents, strlen (contents))) {
if (!kit_file_set_contents (path, 0644, contents, strlen (contents))) {
kit_warning ("Error writing override file '%s': %m\n", path);
goto out;
}
......@@ -101,7 +101,7 @@ clear_default (const char *action_id)
ret = FALSE;
path = kit_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit-public/%s.override", action_id);
path = kit_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit-public/%s.defaults-override", action_id);
if (path == NULL)
goto out;
......@@ -122,11 +122,9 @@ int
main (int argc, char *argv[])
{
int ret;
gid_t egid;
struct group *group;
uid_t caller_uid;
uid_t euid;
struct passwd *pw;
uid_t uid_for_polkit_user;
ret = 1;
/* clear the entire environment to avoid attacks using with libraries honoring environment variables */
......@@ -160,24 +158,17 @@ main (int argc, char *argv[])
goto out;
}
/* check that we are setgid polkituser */
egid = getegid ();
group = getgrgid (egid);
if (group == NULL) {
fprintf (stderr, "polkit-set-default-helper: cannot lookup group info for gid %d\n", egid);
goto out;
}
if (strcmp (group->gr_name, POLKIT_GROUP) != 0) {
fprintf (stderr, "polkit-set-default-helper: needs to be setgid " POLKIT_GROUP "\n");
/* check that we are setuid polkituser */
euid = geteuid ();
pw = getpwuid (euid);
if (pw == NULL) {
fprintf (stderr, "polkit-set-default-helper: cannot lookup passwd info for uid %d\n", euid);
goto out;
}
pw = getpwnam (POLKIT_USER);
if (pw == NULL) {
fprintf (stderr, "polkit-set-default-helper: cannot lookup uid for " POLKIT_USER "\n");
if (strcmp (pw->pw_name, POLKIT_USER) != 0) {
fprintf (stderr, "polkit-set-default-helper: needs to be setuid " POLKIT_USER "\n");
goto out;
}
uid_for_polkit_user = pw->pw_uid;
/*----------------------------------------------------------------------------------------------------*/
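Review bot: `fprintf (stderr, "... uid %d\n", euid)` in the new setuid check passes a uid_t to a `%d` conversion; uid_t is unsigned on common platforms, so cast it explicitly, `(int) euid`, or print `(unsigned long) euid` with `%lu`. The check compares `pw->pw_name` from getpwuid (euid) against POLKIT_USER, which works but fails spuriously when another passwd entry shares that uid; resolving POLKIT_USER with getpwnam and comparing `pw->pw_uid == euid` would test the identity the kernel actually enforces. main continues outside the hunk, so I cannot confirm that every use of the removed `uid_for_polkit_user` was dropped along with its declaration.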
......
......@@ -126,26 +126,26 @@ if POLKIT_AUTHDB_DEFAULT
# polkit-auth-read-helper is used to read it) and the $POLKIT_GROUP
# group needs to be able to write files there.
#
# The /var/lib/PolicyKit-public is used for storing world-readable
# information. Only $POLKIT_GROUP may write to it.
# The directory /var/lib/PolicyKit-public is used for storing world-readable
# information. Only $POLKIT_USER may write to it.
#
# The /var/lib/misc/PolicyKit.reload file is used for triggering that
# authorizations have changed; it needs to be world readable and
# writeable for the $POLKIT_GROUP group (FHS 2.3 suggests that
# location)
# writeable for user $POLKIT_USER and group $POLKIT_GROUP (FHS 2.3 suggests
# that location)
#
install-data-local:
mkdir -p $(DESTDIR)$(localstatedir)/lib/misc
touch $(DESTDIR)$(localstatedir)/lib/misc/PolicyKit.reload
-chgrp $(POLKIT_GROUP) $(DESTDIR)$(localstatedir)/lib/misc/PolicyKit.reload
-chown $(POLKIT_USER):$(POLKIT_GROUP) $(DESTDIR)$(localstatedir)/lib/misc/PolicyKit.reload
-chmod 775 $(DESTDIR)$(localstatedir)/lib/misc/PolicyKit.reload
mkdir -p $(DESTDIR)$(localstatedir)/lib/PolicyKit-public
mkdir -p $(DESTDIR)$(localstatedir)/lib/PolicyKit
mkdir -p $(DESTDIR)$(localstatedir)/run/PolicyKit
-chgrp $(POLKIT_GROUP) $(DESTDIR)$(localstatedir)/lib/PolicyKit-public
-chown $(POLKIT_USER) $(DESTDIR)$(localstatedir)/lib/PolicyKit-public
-chgrp $(POLKIT_GROUP) $(DESTDIR)$(localstatedir)/lib/PolicyKit
-chgrp $(POLKIT_GROUP) $(DESTDIR)$(localstatedir)/run/PolicyKit
-chmod 775 $(DESTDIR)$(localstatedir)/lib/PolicyKit-public
-chmod 755 $(DESTDIR)$(localstatedir)/lib/PolicyKit-public
-chmod 770 $(DESTDIR)$(localstatedir)/lib/PolicyKit
-chmod 770 $(DESTDIR)$(localstatedir)/run/PolicyKit
endif
......@@ -140,7 +140,7 @@ _polkit_policy_file_entry_new (const char *action_id,
#ifdef POLKIT_AUTHDB_DEFAULT
/* read override file */
path = kit_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit-public/%s.override", action_id);
path = kit_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit-public/%s.defaults-override", action_id);
if (path == NULL)
goto error;
if (!kit_file_get_contents (path, &contents, &contents_size)) {
......@@ -532,7 +532,7 @@ polkit_policy_file_entry_set_default (PolKitPolicyFileEntry *policy_file_entry,
}
if (!WIFEXITED (exit_status)) {
kit_warning ("Revoke helper crashed!");
kit_warning ("Set-default helper crashed!");
polkit_error_set_error (error,
POLKIT_ERROR_GENERAL_ERROR,
"set-default helper crashed!");
......