From: William Roberts <bill.c.roberts@gmail.com>
To: Vit Mojzis <vmojzis@redhat.com>
Cc: selinux <selinux@tycho.nsa.gov>
Subject: Re: [PATCH 2/3] libsemanage: remove access() check to make setuid programs work
Date: Wed, 28 Feb 2018 09:52:57 -0800 [thread overview]
Message-ID: <CAFftDdpaQkXpABA1A5kkS4+ps7s2FzPEPo_wNqRg+dJDbGuiWA@mail.gmail.com> (raw)
In-Reply-To: <20180228101510.21023-2-vmojzis@redhat.com>
On Wed, Feb 28, 2018 at 2:15 AM, Vit Mojzis <vmojzis@redhat.com> wrote:
> F_OK access checks only work properly as long as all directories along
> the path are accessible to real user running the program.
> Replace F_OK access checks by testing return value of open, write, etc.
>
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1186431
>
> Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
> ---
> libsemanage/src/direct_api.c | 39 +++++++++++++++------------------------
> 1 file changed, 15 insertions(+), 24 deletions(-)
>
> diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
> index b7899d68..f4d57cf8 100644
> --- a/libsemanage/src/direct_api.c
> +++ b/libsemanage/src/direct_api.c
> @@ -1563,34 +1563,25 @@ rebuild:
> goto cleanup;
> }
>
> - path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL);
> - if (access(path, F_OK) == 0) {
> - retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL),
> - semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC_LOCAL),
> - sh->conf->file_mode);
> - if (retval < 0) {
> - goto cleanup;
> - }
> + retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL),
> + semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC_LOCAL),
> + sh->conf->file_mode);
> + if (retval < 0 && errno != ENOENT) {
> + goto cleanup;
> }
>
> - path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC);
> - if (access(path, F_OK) == 0) {
> - retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC),
> - semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC),
> - sh->conf->file_mode);
> - if (retval < 0) {
> - goto cleanup;
> - }
> + retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC),
> + semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC),
> + sh->conf->file_mode);
> + if (retval < 0 && errno != ENOENT) {
> + goto cleanup;
> }
>
> - path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS);
> - if (access(path, F_OK) == 0) {
> - retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS),
> - semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_SEUSERS),
> - sh->conf->file_mode);
> - if (retval < 0) {
> - goto cleanup;
> - }
> + retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS),
> + semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_SEUSERS),
> + sh->conf->file_mode);
> + if (retval < 0 && errno != ENOENT) {
> + goto cleanup;
> }
>
> /* run genhomedircon if its enabled, this should be the last operation
> --
> 2.14.3
>
>
tentative ack. I need to run tests on this one, but it looks fine. I
suspect this should work looking at semanage_copy_file() internals.
next prev parent reply other threads:[~2018-02-28 17:53 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-14 13:14 [PATCH] libsemanage: Perform access check using euid instead of uid Vit Mojzis
2017-02-14 15:11 ` Stephen Smalley
2017-02-14 15:25 ` Stephen Smalley
2017-02-14 20:17 ` Stephen Smalley
2017-02-14 20:53 ` Stephen Smalley
2017-02-22 15:47 ` Petr Lautrbach
2017-02-27 18:19 ` Stephen Smalley
2017-05-05 12:49 ` libsemanage: remove/replace access() checks to make setuid programs work Vit Mojzis
2017-05-05 12:49 ` [PATCH 1/3] libsemanage: remove access() check " Vit Mojzis
2017-05-05 20:25 ` Stephen Smalley
2017-05-05 12:49 ` [PATCH 2/3] " Vit Mojzis
2017-05-05 20:27 ` Stephen Smalley
2017-05-05 12:49 ` [PATCH 3/3] libsemanage: replace access(, F_OK) checks " Vit Mojzis
2017-05-05 20:32 ` Stephen Smalley
2017-05-19 12:22 ` Vit Mojzis
2017-05-19 13:56 ` Stephen Smalley
2017-06-26 12:38 ` [PATCH 1/3] libsemanage: remove access() check " Vit Mojzis
2017-06-26 12:38 ` [PATCH 2/3] " Vit Mojzis
2017-06-26 13:37 ` Stephen Smalley
2017-06-26 12:38 ` [PATCH 3/3] libsemanage: replace access(, F_OK) checks " Vit Mojzis
2017-06-26 13:55 ` Stephen Smalley
2018-02-28 10:15 ` [PATCH 1/3] libsemanage: remove access() check " Vit Mojzis
2018-02-28 10:15 ` [PATCH 2/3] " Vit Mojzis
2018-02-28 17:52 ` William Roberts [this message]
2018-02-28 18:26 ` Stephen Smalley
2018-02-28 19:37 ` William Roberts
2018-02-28 10:15 ` [PATCH 3/3] libsemanage: replace access() checks " Vit Mojzis
2018-02-28 17:50 ` William Roberts
2018-02-28 18:24 ` William Roberts
2018-02-28 18:43 ` Stephen Smalley
2018-02-28 19:07 ` William Roberts
2018-02-28 19:26 ` William Roberts
2018-02-28 19:39 ` Stephen Smalley
2018-02-28 19:44 ` William Roberts
2018-02-28 20:53 ` Stephen Smalley
2018-03-01 14:40 ` Stephen Smalley
2018-03-01 14:46 ` Stephen Smalley
2018-02-28 18:41 ` Stephen Smalley
2018-02-28 19:13 ` [PATCH 1/3] libsemanage: remove access() check " William Roberts
2017-06-26 14:04 ` [PATCH 3/3] libsemanage: replace access(, F_OK) checks " Stephen Smalley
2017-09-28 14:37 ` Stephen Smalley
2018-03-06 11:58 libsemanage: Perform access check using euid instead of uid v2 Vit Mojzis
2018-03-06 11:58 ` [PATCH 2/3] libsemanage: remove access() check to make setuid programs work Vit Mojzis
2018-03-08 19:54 ` Stephen Smalley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAFftDdpaQkXpABA1A5kkS4+ps7s2FzPEPo_wNqRg+dJDbGuiWA@mail.gmail.com \
--to=bill.c.roberts@gmail.com \
--cc=selinux@tycho.nsa.gov \
--cc=vmojzis@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.