From: Matthias Koenig <mkoenig@xxxxxxx>

SuSE's security team audited uuidd and came up with these issues. None of them are serious given that uuidd runs setuid as a unprivileged user which has no special access other than libuuid directory, but it's good to get them fixed.

Signed-off-by: Matthias Koenig <mkoenig@xxxxxxx>
Signed-off-by: "Theodore Ts'o" <tytso@xxxxxxx>
---
 misc/uuidd.c | 44 +++++++++++++++++++++++++++++---------------
 1 files changed, 29 insertions(+), 15 deletions(-)

diff --git a/misc/uuidd.c b/misc/uuidd.c
index 1b2dedd..c964b4e 100644
--- a/misc/uuidd.c
+++ b/misc/uuidd.c
@@ -52,6 +52,12 @@ static void usage(const char *progname)
 exit(1);
 }
 
+static void die(const char *msg)
+{
+ perror(msg);
+ exit(1);
+}
+
 static void create_daemon(void)
 {
 pid_t pid;
@@ -75,7 +81,8 @@ static void create_daemon(void)
 chdir("/");
 (void) setsid();
 euid = geteuid();
- (void) setreuid(euid, euid);
+ if (setreuid(euid, euid) < 0)
+ die("setreuid");
 }
 
 static int read_all(int fd, char *buf, size_t count)
@@ -132,7 +139,8 @@ static int call_daemon(const char *socket_path, int op, char *buf,
 }
 
 srv_addr.sun_family = AF_UNIX;
- strcpy(srv_addr.sun_path, socket_path);
+ strncpy(srv_addr.sun_path, socket_path, sizeof(srv_addr.sun_path));
+ srv_addr.sun_path[sizeof(srv_addr.sun_path)-1] = '\0';
 
 if (connect(s, (const struct sockaddr *) &srv_addr,
 sizeof(struct sockaddr_un)) < 0) {
@@ -252,7 +260,8 @@ static void server_loop(const char *socket_path, const char *pidfile_path,
 * Create the address we will be binding to.
 */
 my_addr.sun_family = AF_UNIX;
- strcpy(my_addr.sun_path, socket_path);
+ strncpy(my_addr.sun_path, socket_path, sizeof(my_addr.sun_path));
+ my_addr.sun_path[sizeof(my_addr.sun_path)-1] = '\0';
 (void) unlink(socket_path);
 save_umask = umask(0);
 if (bind(s, (const struct sockaddr *) &my_addr,
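Review bot: The bounded copy in call_daemon() silently truncates an over-long socket_path, so the client would connect to a shortened path instead of failing. The same applies to the copy into `my_addr.sun_path` in server_loop(), where `unlink(socket_path)` still acts on the full string while bind() would use the truncated one. Because the path can be supplied with -s, I would reject it before the copy with a test such as `if (strlen(socket_path) >= sizeof(srv_addr.sun_path))` and take the function's existing failure path. Both functions start and end outside their hunks, so the exact error return to use is not visible here.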
@@ -415,11 +424,11 @@ int main(int argc, char **argv)
 switch (c) {
 case 'd':
 debug++;
- drop_privs++;
+ drop_privs = 1;
 break;
 case 'k':
 do_kill++;
- drop_privs++;
+ drop_privs = 1;
 break;
 case 'n':
 num = strtol(optarg, &tmp, 0);
@@ -429,18 +438,18 @@ int main(int argc, char **argv)
 }
 case 'p':
 pidfile_path = optarg;
- drop_privs++;
+ drop_privs = 1;
 break;
 case 'q':
 quiet++;
 break;
 case 's':
 socket_path = optarg;
- drop_privs++;
+ drop_privs = 1;
 break;
 case 't':
 do_type = UUIDD_OP_TIME_UUID;
- drop_privs++;
+ drop_privs = 1;
 break;
 case 'T':
 timeout = strtol(optarg, &tmp, 0);
@@ -451,7 +460,7 @@ int main(int argc, char **argv)
 break;
 case 'r':
 do_type = UUIDD_OP_RANDOM_UUID;
- drop_privs++;
+ drop_privs = 1;
 break;
 default:
 usage(argv[0]);
@@ -460,15 +469,20 @@ int main(int argc, char **argv)
 uid = getuid();
 if (uid && drop_privs) {
 gid = getgid();
-#ifdef HAVE_SETRESUID
- setresuid(uid, uid, uid);
+#ifdef HAVE_SETRESGID
+ if (setresgid(gid, gid, gid) < 0)
+ die("setresgid");
 #else
- setreuid(uid, uid);
+ if (setregid(gid, gid) < 0)
+ die("setregid");
 #endif
-#ifdef HAVE_SETRESGID
- setresgid(gid, gid, gid);
+
+#ifdef HAVE_SETRESUID
+ if (setresuid(uid, uid, uid) < 0)
+ die("setresuid");
 #else
- setregid(gid, gid);
+ if (setreuid(uid, uid) < 0)
+ die("setreuid");
 #endif
 }
 if (num && do_type) {
--
1.5.4.1.144.gdfee-dirty
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
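Review bot: `case 'n':` appears to fall through into `case 'p':`. In the second option-parsing hunk, the `}` that closes the -n handling is followed directly by `case 'p':` with no `break;`. After -n the code would therefore also run `pidfile_path = optarg;` and the new `drop_privs = 1;`, leaving the pid file path set to the number string. The lines between the two hunks are not shown, so this should be confirmed against the full file; if the fall-through is unintended, add `break;` after that closing brace.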
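Review bot: The privilege drop in the final hunk of main() has no comment explaining why the group IDs are now changed before the user IDs, and that ordering is the part a later cleanup is most likely to undo. I would add above the first `#ifdef` something like `/* Drop the group first: once the uid has been given up the process may no longer be permitted to change its gid. */`. A one-line comment on `die()` noting that it is used for failed privilege changes, where continuing would be unsafe, would also help. The `if (uid && drop_privs)` block is fully visible, but the rest of main() lies outside the hunk.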