RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-31 07:58:11 +00:00
Code Issues Activity Actions
serenity/Userland/Utilities/pls.cpp
Jesse Buhagiar d44e2c9ad9 Userland: Check sudoers file perms and owner in pls 
As per comment found in #6319 by @bcoles, `pls` should check the
permissions and owner of the sudoers file to ensure that it hasn't
been compromised.
2021-05-29 22:33:12 +04:30

222 lines
5.9 KiB
C++
Raw Blame History

/*
* Copyright (c) 2021, Jesse Buhagiar <jooster669@gmail.com>
*
* SPDX-License-Identifier: BSD-2-Clause
*/
#include <AK/LexicalPath.h>
#include <AK/String.h>
#include <AK/StringBuilder.h>
#include <AK/Types.h>
#include <AK/Vector.h>
#include <LibCore/Account.h>
#include <LibCore/ArgsParser.h>
#include <LibCore/DirIterator.h>
#include <LibCore/File.h>
#include <LibCore/GetPassword.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
static constexpr mode_t EXPECTED_PERMS = (S_IFREG | S_IRUSR);
// Function Definitions
extern "C" int main(int arch, char** argv);
bool unveil_paths(const char*);
// Unveil paths, given the current user's path and the command they want to execute
bool unveil_paths(const char* command)
{
bool did_unveil_ok = false;
// Attempt to unveil command via `realpath`
auto* command_path = realpath(command, nullptr);
// Command found via `realpath` (meaning it was probably a locally executed program)
if (command_path) {
if (unveil(command_path, "x") == 0)
did_unveil_ok = true;
free(command_path);
return did_unveil_ok;
}
// Okay, so we couldn't find the actual file specified by the user, let's
// instead search PATH for it...
auto command_path_system = Core::find_executable_in_path(command);
if (command_path_system.is_empty())
return false;
if (unveil(command_path_system.characters(), "x") == 0)
did_unveil_ok = true;
return did_unveil_ok;
}
int main(int argc, char** argv)
{
Vector<const char*> command;
Core::ArgsParser args_parser;
args_parser.add_positional_argument(command, "Command to run at elevated privilege level", "command");
args_parser.parse(argc, argv);
if (pledge("stdio tty rpath exec id", nullptr) < 0) {
perror("pledge");
return 1;
}
if (unveil("/etc/plsusers", "r") < 0) {
perror("unveil");
return 1;
}
if (unveil("/etc/passwd", "r") < 0) {
perror("unveil");
return 1;
}
if (unveil("/etc/shadow", "r") < 0) {
perror("unveil");
return 1;
}
if (unveil("/etc/group", "r") < 0) {
perror("unveil");
return 1;
}
// Unveil all paths in the user's PATH, as well as the command they've specified.
auto unveil_count = unveil_paths(command.at(0));
if (unveil_count == 0) {
warnln("Error: Failed to unveil paths!");
return 1;
}
// Lock veil
unveil(nullptr, nullptr);
// Call `seteuid` so we can access `/etc/plsusers`
if (seteuid(0) < 0) {
perror("seteuid");
return 1;
}
// Check the permissions and owner of /etc/plsusers. This ensures the integrity of the file.
struct stat pls_users_stat;
if (stat("/etc/plsusers", &pls_users_stat) < 0) {
perror("stat");
return 1;
}
if (pls_users_stat.st_mode != EXPECTED_PERMS) {
warnln("Error: /etc/plsusers has incorrect permissions.");
return 4;
}
if (pls_users_stat.st_uid != 0 && pls_users_stat.st_gid != 0) {
warnln("Error: /etc/plsusers is not owned by root.");
return 4;
}
auto pls_users_file_or_error = Core::File::open("/etc/plsusers", Core::OpenMode::ReadOnly);
if (pls_users_file_or_error.is_error()) {
warnln("Error: Could not open /etc/plsusers: {}", pls_users_file_or_error.error());
return 1;
}
const char* username = getlogin();
bool user_found = false;
for (auto line = pls_users_file_or_error.value()->line_begin(); !line.at_end(); ++line) {
auto line_str = *line;
// Skip any comments
if (line_str.starts_with("#"))
continue;
// Our user is in the plsusers file!
if (line_str.to_string() == username) {
user_found = true;
break;
}
}
// User isn't in the plsusers file
if (!user_found) {
warnln("{} is not in the plsusers file!", username);
return 2;
}
// The user was in the plsusers file, now let's ask for their password to ensure that it's actually them...
auto account_or_error = Core::Account::from_name(username);
if (account_or_error.is_error()) {
warnln("Core::Account::from_name: {}", account_or_error.error());
return 1;
}
const auto& account = account_or_error.value();
uid_t current_uid = getuid();
if (current_uid != 0 && account.has_password()) {
auto password = Core::get_password();
if (password.is_error()) {
warnln("{}", password.error());
return 1;
}
if (!account.authenticate(password.value().characters())) {
warnln("Incorrect or disabled password.");
return 1;
}
}
// TODO: Support swapping users instead of just defaulting to root
if (setgid(0) < 0) {
perror("setgid");
return 1;
}
if (setuid(0) < 0) {
perror("setuid");
return 1;
}
// Build the arguments list passed to `execvpe`
Vector<const char*> exec_args;
for (const auto& arg : command) {
exec_args.append(arg);
}
// Always terminate with a NULL (to signal end of args list)
exec_args.append(nullptr);
// Build the environment arguments
StringBuilder builder;
Vector<String> env_args_str;
// TERM envvar
char* env_term = getenv("TERM");
if (env_term != nullptr) {
builder.append("TERM=");
builder.append(env_term);
env_args_str.append(builder.build());
}
Vector<const char*> env_args;
for (auto& arg : env_args_str) {
env_args.append(arg.characters());
}
// Arguments list must be terminated with NULL argument
env_args.append(nullptr);
// Execute the desired command
if (execvpe(command.at(0), const_cast<char**>(exec_args.data()), const_cast<char**>(env_args.data())) < 0) {
perror("execvpe");
exit(1);
}
return 0;
}
Reference in a new issue View git blame Copy permalink