From 8a7677787479ad6d8aede4826987afa42bd1f122 Mon Sep 17 00:00:00 2001
From: Julian Blake Kongslie
Date: Thu, 11 Apr 2013 23:29:03 -0700
Subject: Adding support for overriding target uid+gid based on command to execute.
---
 main.cc | 131 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 122 insertions(+), 9 deletions(-)
(limited to 'main.cc')
diff --git a/main.cc b/main.cc
index 61946e3..8448f3f 100644
--- a/main.cc
+++ b/main.cc
@@ -2,6 +2,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -76,6 +77,7 @@ public:
 , max_gid( gids.second )
 {
+ DEBUG( "insecuresuexec permission( %u-%u, %u-%u )\n", min_uid, max_uid, min_gid, max_gid );
 }
@@ -85,6 +87,31 @@ public:
 };
+class override {
+
+ std::regex constraint;
+
+public:
+
+ uid_t uid;
+ gid_t gid;
+
+ override( uid_t _uid, gid_t _gid, const char *ex )
+ : constraint( ex, std::regex_constants::basic )
+ , uid( _uid )
+ , gid( _gid )
+ {
+
+ DEBUG( "insecuresuexec override( %u, %u, %s )\n", _uid, _gid, ex );
+
+ }
+
+ const bool match( const char *str ) {
+ return regex_match( str, constraint, std::regex_constants::match_continuous );
+ }
+
+};
+
 template< typename thing > std::pair< thing, thing > parse_pair( const char *line, thing (*parse_one)( const char *part ) ) {
 std::pair< thing, thing > ret( 0, -1 );
@@ -130,7 +157,7 @@ template< typename thing > std::pair< thing, thing > parse_pair( const char *lin
 }
-permission parse_line( const char *line ) {
+permission parse_permission_line( const char *line ) {
 size_t line_len = strcspn( line, "\n" );
 assert( line_len > 0 );
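Review bot: The `override` constructor compiles each pattern with `std::regex`, which throws `std::regex_error` on a malformed expression, and nothing visible in this hunk catches it. Because the overrides file is parsed at the top of `main` in this commit, a single bad line would presumably abort every invocation without naming the offending line; catching the exception where the line is parsed and printing the line before exiting would make that failure diagnosable. In `match`, the `const` on the returned `bool` has no effect and the member itself should be const-qualified, `bool match( const char *str ) const {`. `std::regex_constants::match_continuous` is also redundant there, since `regex_match` already requires the whole string to match.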
@@ -155,6 +182,38 @@ permission parse_line( const char *line ) {
 }
+override parse_override_line( const char *line ) {
+
+ size_t line_len = strcspn( line, "\n" );
+ assert( line_len > 0 );
+
+ size_t user_len = strcspn( line, ":" );
+ assert( user_len != line_len );
+
+ size_t group_len = strcspn( line + user_len + 1, " " );
+ assert( group_len != line_len - user_len - 1 );
+
+ size_t ex_len = line_len - user_len - 1 - group_len - 1;
+
+ char user[user_len + 1];
+ strncpy( user, line, user_len );
+ user[user_len] = 0;
+
+ char group[group_len + 1];
+ strncpy( group, line + user_len + 1, group_len );
+ group[group_len] = 0;
+
+ char ex[ex_len + 1];
+ strncpy( ex, line + user_len + 1 + group_len + 1, ex_len );
+ ex[ex_len] = 0;
+
+ uid_t uid_part = parse_user( user );
+ gid_t gid_part = parse_group( group );
+
+ return override( uid_part, gid_part, ex );
+
+}
+
 std::vector< permission > * read_permissions( const char *file ) {
 FILE *fh = fopen( file, "r" );
@@ -170,7 +229,34 @@ std::vector< permission > * read_permissions( const char *file ) {
 size_t line_len = strcspn( line, "\n" );
 if ( line_len ) {
- ret->push_back( parse_line( line ) );
+ ret->push_back( parse_permission_line( line ) );
+ };
+
+ };
+
+ if ( line )
+ free( line );
+
+ return ret;
+
+}
+
+std::vector< override > * read_overrides( const char *file ) {
+
+ FILE *fh = fopen( file, "r" );
+ if ( not fh )
+ assert_perror( errno );
+
+ auto *ret = new std::vector< override >( );
+
+ char *line = 0;
+ size_t size = 0;
+
+ for ( ; getline( &line, &size, fh ) != -1; ) {
+
+ size_t line_len = strcspn( line, "\n" );
+ if ( line_len ) {
+ ret->push_back( parse_override_line( line ) );
 };
 };
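Review bot: In `parse_override_line` the two format checks compare with `!=`, but `strcspn` runs on to the terminating NUL when the delimiter is missing, so for a newline-terminated line with no `:` (or no space after the group) the returned length is larger than the value it is compared with and the assert passes. The `size_t ex_len` subtraction that follows then wraps, the `ex` array is sized from it, and the copies read past the end of the line. Both checks also vanish when the program is built with `NDEBUG`. The checks should use `>=` and fail explicitly in every build, as sketched below; the variable-length arrays are a compiler extension in C++ and could be replaced at the same time.

```cpp
override parse_override_line( const char *line ) {

  size_t line_len = strcspn( line, "\n" );
  // … unchanged: empty-line assert …

  // strcspn() stops at the NUL when the delimiter is absent, so a missing
  // ':' or ' ' gives a length at or beyond the end of the line.
  size_t user_len = strcspn( line, ":" );
  if ( user_len >= line_len ) {
    fprintf( stderr, "insecuresuexec: malformed override line (no ':')\n" );
    _exit( 1 );
  };

  size_t group_len = strcspn( line + user_len + 1, " " );
  if ( group_len >= line_len - user_len - 1 ) {
    fprintf( stderr, "insecuresuexec: malformed override line (no pattern)\n" );
    _exit( 1 );
  };

  // … unchanged: ex_len, the three copies, parse_user/parse_group, return …
```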
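Review bot: `read_overrides` handles a failed `fopen` only through `assert_perror`, which is compiled out under `NDEBUG` and would leave `getline` reading from a null stream; an explicit `if ( not fh ) { perror( file ); _exit( 1 ); }` keeps the failure closed in every build. The stream is also never closed in the lines shown: the tail of `read_permissions` visible in this hunk returns without `fclose( fh )`, and the tail of `read_overrides` lies outside the hunk but appears to be the same code. If the descriptor is still open when the target command is executed, that command inherits a read handle on the configuration file, so adding `fclose( fh );` before `return ret;` in both readers is worthwhile.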
@@ -184,6 +270,14 @@ std::vector< permission > * read_permissions( const char *file ) {
 int main( int argc, char *argv[] ) {
+ DEBUG( "insecuresuexec is parsing the stored permissions...\n" );
+
+ auto allowed = read_permissions( "/etc/insecuresuexec/permissions" );
+
+ DEBUG( "insecuresuexec is parsing the stored overrides...\n" );
+
+ auto override = read_overrides( "/etc/insecuresuexec/overrides" );
+
 if ( argc < 4 ) {
 fprintf( stderr, "Usage: %s user group cmd [args..]\n", argv[0] );
 return 1;
@@ -199,10 +293,33 @@ int main( int argc, char *argv[] ) {
 uid_t uid;
 gid_t gid;
- DEBUG( "insecuresuexec is parsing the command-line user and group...\n" );
+ DEBUG( "insecuresuexec is checking the overrides...\n" );
+
+ bool did_override = false;
+ for ( auto i = override->begin( ); i != override->end( ); ++i ) {
+ if ( i->match( cmd ) ) {
- uid = parse_user( user );
- gid = parse_group( group );
+ DEBUG( " cmd matched, now uid=%u gid=%u\n", i->uid, i->gid );
+
+ uid = i->uid;
+ gid = i->gid;
+
+ did_override = true;
+
+ break;
+ };
+ };
+
+ if ( ! did_override ) {
+
+ DEBUG( " no matching override found\n" );
+
+ DEBUG( "insecuresuexec is parsing the command-line user and group...\n" );
+
+ uid = parse_user( user );
+ gid = parse_group( group );
+
+ };
 // literally the only hard-coded security check
 if ( not uid || not gid ) {
@@ -210,10 +327,6 @@ int main( int argc, char *argv[] ) { _exit( 1 ); }; - DEBUG( "insecuresuexec is parsing the stored permissions...\n" ); - - auto allowed = read_permissions( "/etc/insecuresuexec/permissions" ); - - DEBUG( "insecuresuexec is running the configured security checks...\n" ); // the configurable security checks
-- cgit v1.2.3
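Review bot: The local `auto override = read_overrides( … )` at the top of `main` reuses the name of the `override` class added by this commit, which hides the type for the rest of `main` and reads oddly next to the C++11 `override` specifier; `auto overrides = read_overrides( "/etc/insecuresuexec/overrides" );`, with the loop further down adjusted, would be clearer. Both configuration files are now read before the `argc < 4` usage check, so a missing or malformed overrides file appears to abort even a plain usage request. If that is meant as fail-closed behaviour, a short comment saying so would help. `main` continues outside this hunk.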
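Review bot: The override loop in `main` picks the target uid and gid by matching the regular expression against `cmd`, which is assigned outside this hunk and appears to be the caller-supplied command string rather than a resolved path. A string-level match on an unnormalised path means a pattern written for one directory can also accept a name containing `..` components or a symlink, and a relative name depends on how the later exec resolves it. Consider canonicalising `cmd` (for example with `realpath`) before the loop, executing that canonical path, and documenting that override patterns must be absolute. A comment above the loop should also state that the first matching line wins and that the caller's `user` and `group` arguments are ignored when an override matches.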