From patchwork Mon May 20 21:43:05 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Yann Droneaud <ydroneaud@opteya.com>
X-Patchwork-Id: 2595021
Return-Path: <linux-rdma-owner@vger.kernel.org>
X-Original-To: patchwork-linux-rdma@patchwork.kernel.org
Delivered-To: patchwork-process-083081@patchwork1.kernel.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by patchwork1.kernel.org (Postfix) with ESMTP id DAB9440079
	for <patchwork-linux-rdma@patchwork.kernel.org>;
	Mon, 20 May 2013 21:43:46 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1758418Ab3ETVnj (ORCPT
	<rfc822;patchwork-linux-rdma@patchwork.kernel.org>);
	Mon, 20 May 2013 17:43:39 -0400
Received: from smtp1-g21.free.fr ([212.27.42.1]:58910 "EHLO
	smtp1-g21.free.fr"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1758409Ab3ETVni (ORCPT <rfc822;linux-rdma@vger.kernel.org>);
	Mon, 20 May 2013 17:43:38 -0400
Received: from dworkin.quest-ce.net (unknown
	[IPv6:2a01:e35:2e9f:6ac0:224:1dff:fe13:dbb2])
	by smtp1-g21.free.fr (Postfix) with ESMTP id B818294009A;
	Mon, 20 May 2013 23:43:30 +0200 (CEST)
Received: from dworkin.quest-ce.net (localhost [127.0.0.1])
	by dworkin.quest-ce.net (8.14.5/8.14.5) with ESMTP id r4KLhToU009700;
	Mon, 20 May 2013 23:43:29 +0200
Received: (from ydroneaud@localhost)
	by dworkin.quest-ce.net (8.14.5/8.14.5/Submit) id r4KLhTtD009699;
	Mon, 20 May 2013 23:43:29 +0200
From: Yann Droneaud <ydroneaud@opteya.com>
To: linux-rdma@vger.kernel.org
Cc: Yann Droneaud <ydroneaud@opteya.com>
Subject: [PATCH 3/3] read_config: skip file/directory with unsecure
	permissions
Date: Mon, 20 May 2013 23:43:05 +0200
Message-Id: 
 <0a6888edc9d7899fe3b4af249c4f25088e196422.1369085762.git.ydroneaud@opteya.com>
X-Mailer: git-send-email 1.7.11.7
In-Reply-To: <cover.1369085762.git.ydroneaud@opteya.com>
References: <cover.1369085762.git.ydroneaud@opteya.com>
Sender: linux-rdma-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-rdma.vger.kernel.org>
X-Mailing-List: linux-rdma@vger.kernel.org

libibverbs must refuse to load arbitrary shared objects.

This patch check the configuration directory and files for
- being owned by root;
- not being writable by others.

Signed-off-by: Yann Droneaud <ydroneaud@opteya.com>
---
 src/init.c | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/src/init.c b/src/init.c
index 1981da7..a37b57d 100644
--- a/src/init.c
+++ b/src/init.c
@@ -294,10 +294,24 @@ static void read_config_file(const char *path)
 
 static void read_config(void)
 {
+	struct stat buf;
 	DIR *conf_dir;
 	struct dirent *dent;
 	char *path;
 
+	if (stat(IBV_CONFIG_DIR, &buf) || !S_ISDIR(buf.st_mode)) {
+		fprintf(stderr, PFX "Warning: couldn't stat config directory '%s'.\n",
+			IBV_CONFIG_DIR);
+		return;
+	}
+
+	if (buf.st_uid != 0 || buf.st_gid != 0 ||
+	    (buf.st_mode & S_IWOTH) != 0) {
+		fprintf(stderr, PFX "Warning: unsecure config directory '%s'.\n",
+			IBV_CONFIG_DIR);
+		return;
+	}
+
 	conf_dir = opendir(IBV_CONFIG_DIR);
 	if (!conf_dir) {
 		fprintf(stderr, PFX "Warning: couldn't open config directory '%s'.\n",
@@ -306,8 +320,6 @@ static void read_config(void)
 	}
 
 	while ((dent = readdir(conf_dir))) {
-		struct stat buf;
-
 		if (dent->d_name[0] == '.')
 			continue;
 
@@ -329,6 +341,13 @@ static void read_config(void)
 		if (!S_ISREG(buf.st_mode))
 			goto next;
 
+		if (buf.st_uid != 0 || buf.st_gid != 0 ||
+		    (buf.st_mode & S_IWOTH) != 0) {
+			fprintf(stderr, PFX "Warning: unsecure config file '%s'.\n",
+				path);
+			goto next;
+		}
+
 		read_config_file(path);
 next:
 		free(path);