uuidd: Fix issues identified by SuSE's security team

SuSE's security team audited uuidd and came up with these issues. None of them are serious given that uuidd runs setuid as a unprivileged user which has no special access other than libuuid directory, but it's good to get them fixed. Signed-off-by: Matthias Koenig <mkoenig@suse.de> Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
author: Matthias Koenig <mkoenig@suse.de> 2008-03-14 13:29:35 -0400
committer: Theodore Ts'o <tytso@mit.edu> 2008-03-14 14:38:42 -0400
commit: 4415b03eaa44e4d51ced1dcd31cb1ee8d51277c1 (patch)
tree: 8beda13f0ba58cd0de797010d1df68e3eb6469c0 /misc/uuidd.c
parent: 82e541885ea912bc6764b97e2545f851cf7e3ff3 (diff)
download: e2fsprogs-4415b03eaa44e4d51ced1dcd31cb1ee8d51277c1.tar.gz
1 files changed, 29 insertions, 15 deletions
diff --git a/misc/uuidd.c b/misc/uuidd.c
index 1b2deddd..c964b4ea 100644
--- a/misc/uuidd.c
+++ b/misc/uuidd.c
@@ -52,6 +52,12 @@ static void usage(const char *progname)
 	exit(1);
 }
 
+static void die(const char *msg)
+{
+	perror(msg);
+	exit(1);
+}
+
 static void create_daemon(void)
 {
 	pid_t pid;
@@ -75,7 +81,8 @@ static void create_daemon(void)
 	chdir("/");
 	(void) setsid();
 	euid = geteuid();
-	(void) setreuid(euid, euid);
+	if (setreuid(euid, euid) < 0)
+		die("setreuid");
 }
 
 static int read_all(int fd, char *buf, size_t count)
@@ -132,7 +139,8 @@ static int call_daemon(const char *socket_path, int op, char *buf,
 	}
 
 	srv_addr.sun_family = AF_UNIX;
-	strcpy(srv_addr.sun_path, socket_path);
+	strncpy(srv_addr.sun_path, socket_path, sizeof(srv_addr.sun_path));
+	srv_addr.sun_path[sizeof(srv_addr.sun_path)-1] = '\0';
 
 	if (connect(s, (const struct sockaddr *) &srv_addr,
 		    sizeof(struct sockaddr_un)) < 0) {
@@ -252,7 +260,8 @@ static void server_loop(const char *socket_path, const char *pidfile_path,
 	 * Create the address we will be binding to.
 	 */
 	my_addr.sun_family = AF_UNIX;
-	strcpy(my_addr.sun_path, socket_path);
+	strncpy(my_addr.sun_path, socket_path, sizeof(my_addr.sun_path));
+	my_addr.sun_path[sizeof(my_addr.sun_path)-1] = '\0';
 	(void) unlink(socket_path);
 	save_umask = umask(0);
 	if (bind(s, (const struct sockaddr *) &my_addr,
@@ -415,11 +424,11 @@ int main(int argc, char **argv)
 		switch (c) {
 		case 'd':
 			debug++;
-			drop_privs++;
+			drop_privs = 1;
 			break;
 		case 'k':
 			do_kill++;
-			drop_privs++;
+			drop_privs = 1;
 			break;
 		case 'n':
 			num = strtol(optarg, &tmp, 0);
@@ -429,18 +438,18 @@ int main(int argc, char **argv)
 			}
 		case 'p':
 			pidfile_path = optarg;
-			drop_privs++;
+			drop_privs = 1;
 			break;
 		case 'q':
 			quiet++;
 			break;
 		case 's':
 			socket_path = optarg;
-			drop_privs++;
+			drop_privs = 1;
 			break;
 		case 't':
 			do_type = UUIDD_OP_TIME_UUID;
-			drop_privs++;
+			drop_privs = 1;
 			break;
 		case 'T':
 			timeout = strtol(optarg, &tmp, 0);
@@ -451,7 +460,7 @@ int main(int argc, char **argv)
 			break;
 		case 'r':
 			do_type = UUIDD_OP_RANDOM_UUID;
-			drop_privs++;
+			drop_privs = 1;
 			break;
 		default:
 			usage(argv[0]);
@@ -460,15 +469,20 @@ int main(int argc, char **argv)
 	uid = getuid();
 	if (uid && drop_privs) {
 		gid = getgid();
-#ifdef HAVE_SETRESUID
-		setresuid(uid, uid, uid);
+#ifdef HAVE_SETRESGID
+		if (setresgid(gid, gid, gid) < 0)
+			die("setresgid");
 #else
-		setreuid(uid, uid);
+		if (setregid(gid, gid) < 0)
+			die("setregid");
 #endif
-#ifdef HAVE_SETRESGID
-		setresgid(gid, gid, gid);
+	
+#ifdef HAVE_SETRESUID
+		if (setresuid(uid, uid, uid) < 0)
+			die("setresuid");
 #else
-		setregid(gid, gid);
+		if (setreuid(uid, uid) < 0)
+			die("setreuid");
 #endif
 	}
 	if (num && do_type) {
author	Matthias Koenig <mkoenig@suse.de>	2008-03-14 13:29:35 -0400
committer	Theodore Ts'o <tytso@mit.edu>	2008-03-14 14:38:42 -0400
commit	4415b03eaa44e4d51ced1dcd31cb1ee8d51277c1 (patch)
tree	8beda13f0ba58cd0de797010d1df68e3eb6469c0 /misc/uuidd.c
parent	82e541885ea912bc6764b97e2545f851cf7e3ff3 (diff)
download	e2fsprogs-4415b03eaa44e4d51ced1dcd31cb1ee8d51277c1.tar.gz