xenia/kakoune
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Improve general security of the unix sockets

Browse Source 
* Use the stricky bit on the shared kakoune folder
* Do not allow read/write access to user folder
* Respect $TMPDIR when set

Fixes #1007
This commit is contained in:
Maxime Coste 2016-12-15 23:47:34 +00:00
parent 9a879262a2
commit 831887cd3a
3 changed files with 20 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/file.cc
View File

@ -334,7 +334,7 @@ String find_file(StringView filename, ConstArrayView<String> paths)
return ""; return "";
} }
void make_directory(StringView dir) void make_directory(StringView dir, mode_t mode)
{ {
auto it = dir.begin(), end = dir.end(); auto it = dir.begin(), end = dir.end();
while(it != end) while(it != end)
@ -352,7 +352,7 @@ void make_directory(StringView dir)
auto old_mask = umask(0); auto old_mask = umask(0);
auto restore_mask = on_scope_end([old_mask]() { umask(old_mask); }); auto restore_mask = on_scope_end([old_mask]() { umask(old_mask); });
if (mkdir(dirname.zstr(), S_IRWXU | S_IRWXG | S_IRWXO) != 0) if (mkdir(dirname.zstr(), mode) != 0)
throw runtime_error(format("mkdir failed for directory '{}' errno {}", dirname, errno)); throw runtime_error(format("mkdir failed for directory '{}' errno {}", dirname, errno));
} }
} }

2
src/file.hh
View File

@ -56,7 +56,7 @@ bool file_exists(StringView filename);
Vector<String> list_files(StringView directory); Vector<String> list_files(StringView directory);
void make_directory(StringView dir); void make_directory(StringView dir, mode_t mode);
timespec get_fs_timestamp(StringView filename); timespec get_fs_timestamp(StringView filename);

20
src/remote.cc
View File

@ -480,14 +480,22 @@ void RemoteUI::set_ui_options(const Options& options)
m_socket_watcher.events() |= FdEvents::Write; m_socket_watcher.events() |= FdEvents::Write;
} }
static const char* tmpdir()
{
if (const char* tmpdir = getenv("TMPDIR"))
return tmpdir;
return "/tmp";
}
static sockaddr_un session_addr(StringView session) static sockaddr_un session_addr(StringView session)
{ {
sockaddr_un addr; sockaddr_un addr;
addr.sun_family = AF_UNIX; addr.sun_family = AF_UNIX;
if (find(session, '/')!= session.end()) if (find(session, '/')!= session.end())
format_to(addr.sun_path, "/tmp/kakoune/{}", session); format_to(addr.sun_path, "{}/kakoune/{}", tmpdir(), session);
else else
format_to(addr.sun_path, "/tmp/kakoune/{}/{}", getpwuid(geteuid())->pw_name, session); format_to(addr.sun_path, "{}/kakoune/{}/{}", tmpdir(),
getpwuid(geteuid())->pw_name, session);
return addr; return addr;
} }
@ -704,7 +712,13 @@ Server::Server(String session_name)
fcntl(listen_sock, F_SETFD, FD_CLOEXEC); fcntl(listen_sock, F_SETFD, FD_CLOEXEC);
sockaddr_un addr = session_addr(m_session); sockaddr_un addr = session_addr(m_session);
make_directory(split_path(addr.sun_path).first); // set sticky bit on the shared kakoune directory
make_directory(format("{}/kakoune", tmpdir()), 01777);
make_directory(split_path(addr.sun_path).first, 0711);
// Do not give any access to the socket to other users by default
auto old_mask = umask(0077);
auto restore_mask = on_scope_end([old_mask]() { umask(old_mask); });
if (bind(listen_sock, (sockaddr*) &addr, sizeof(sockaddr_un)) == -1) if (bind(listen_sock, (sockaddr*) &addr, sizeof(sockaddr_un)) == -1)
throw runtime_error(format("unable to bind listen socket '{}'", addr.sun_path)); throw runtime_error(format("unable to bind listen socket '{}'", addr.sun_path));