path: root/meta-networking/recipes-daemons/iscsi-initiator-utils/files/0001-Check-for-root-peer-user-for-iscsiuio-IPC.patch
From eb516ac5f9dddc80564f6becee08a0011e7aa58b Mon Sep 17 00:00:00 2001
From: Lee Duncan <lduncan@suse.com>
Date: Fri, 15 Dec 2017 10:36:11 -0800
Subject: [PATCH 1/7] Check for root peer user for iscsiuio IPC

This fixes a possible vulnerability where a non-root
process could connect with iscsiuio. Found by Qualys.

CVE: CVE-2017-17840

Upstream-Status: Backport

Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
---
 iscsiuio/src/unix/Makefile.am  |  3 ++-
 iscsiuio/src/unix/iscsid_ipc.c | 47 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 49 insertions(+), 1 deletion(-)

diff --git a/iscsiuio/src/unix/Makefile.am b/iscsiuio/src/unix/Makefile.am
index 71d5463..a989ef0 100644
--- a/iscsiuio/src/unix/Makefile.am
+++ b/iscsiuio/src/unix/Makefile.am
@@ -20,7 +20,8 @@ iscsiuio_SOURCES =	build_date.c		\
 			nic_utils.c		\
 			packet.c		\
 			iscsid_ipc.c		\
-			ping.c
+			ping.c			\
+			${top_srcdir}/../utils/sysdeps/sysdeps.c
 
 iscsiuio_CFLAGS = 	$(AM_CFLAGS)		\
 			$(LIBNL_CFLAGS)		\
diff --git a/iscsiuio/src/unix/iscsid_ipc.c b/iscsiuio/src/unix/iscsid_ipc.c
index a2a59a8..08e49e5 100644
--- a/iscsiuio/src/unix/iscsid_ipc.c
+++ b/iscsiuio/src/unix/iscsid_ipc.c
@@ -37,6 +37,8 @@
  *
  */
 
+#define _GNU_SOURCE
+
 #include <errno.h>
 #include <pthread.h>
 #include <signal.h>
@@ -47,6 +49,8 @@
 #include <sys/socket.h>
 #include <sys/time.h>
 #include <sys/un.h>
+#include <sys/types.h>
+#include <pwd.h>
 
 #define PFX "iscsi_ipc "
 
@@ -61,6 +65,7 @@
 #include "iscsid_ipc.h"
 #include "uip.h"
 #include "uip_mgmt_ipc.h"
+#include "sysdeps.h"
 
 #include "logger.h"
 #include "uip.h"
@@ -102,6 +107,7 @@ struct iface_rec_decode {
 	uint16_t		mtu;
 };
 
+#define PEERUSER_MAX	64
 
 /******************************************************************************
  *  iscsid_ipc Constants
@@ -1029,6 +1035,40 @@ static void iscsid_loop_close(void *arg)
 	LOG_INFO(PFX "iSCSI daemon socket closed");
 }
 
+/*
+ * check that the peer user is privilidged
+ *
+ * return 1 if peer is ok else 0
+ *
+ * XXX: this function is copied from iscsid_ipc.c and should be
+ * moved into a common library
+ */
+static int
+mgmt_peeruser(int sock, char *user)
+{
+	struct ucred peercred;
+	socklen_t so_len = sizeof(peercred);
+	struct passwd *pass;
+
+	errno = 0;
+	if (getsockopt(sock, SOL_SOCKET, SO_PEERCRED, &peercred,
+		&so_len) != 0 || so_len != sizeof(peercred)) {
+		/* We didn't get a valid credentials struct. */
+		LOG_ERR(PFX "peeruser_unux: error receiving credentials: %m");
+		return 0;
+	}
+
+	pass = getpwuid(peercred.uid);
+	if (pass == NULL) {
+		LOG_ERR(PFX "peeruser_unix: unknown local user with uid %d",
+				(int) peercred.uid);
+		return 0;
+	}
+
+	strlcpy(user, pass->pw_name, PEERUSER_MAX);
+	return 1;
+}
+
 /**
  *  iscsid_loop() - This is the function which will process the broadcast
  *                  messages from iscsid
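Review bot: mgmt_peeruser() turns the peer uid into a name with getpwuid(), which returns static storage and is not thread-safe, while iscsid_loop() appears to run as a thread (pthread_cleanup_push is visible in a later hunk). Since the caller only needs to know whether the peer is root, checking `peercred.uid == 0` directly would avoid the passwd/NSS lookup and the fixed-size name buffer altogether; if the name is kept, `getpwuid_r()` is the reentrant form. The header comment says the function is copied from iscsid_ipc.c, which is the file being patched, so the origin it names looks wrong and should be replaced with the real source file. The log prefixes `peeruser_unux` and `peeruser_unix` do not match the function name, and the comment's first line should read `check that the peer user is privileged`.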
@@ -1038,6 +1078,7 @@ static void *iscsid_loop(void *arg)
 {
 	int rc;
 	sigset_t set;
+	char user[PEERUSER_MAX];
 
 	pthread_cleanup_push(iscsid_loop_close, arg);
 
@@ -1077,6 +1118,12 @@ static void *iscsid_loop(void *arg)
 			continue;
 		}
 
+		if (!mgmt_peeruser(iscsid_opts.fd, user) || strncmp(user, "root", PEERUSER_MAX)) {
+			close(s2);
+			LOG_ERR(PFX "Access error: non-administrative connection rejected");
+			break;
+		}
+
 		process_iscsid_broadcast(s2);
 		close(s2);
 	}
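Review bot: The credential check passes `iscsid_opts.fd` to mgmt_peeruser(), but the connection that is then processed and closed is `s2`. If `iscsid_opts.fd` is the listening socket (the accept call is outside this hunk), SO_PEERCRED on it does not describe the connecting peer, so the check should read `if (!mgmt_peeruser(s2, user) || strncmp(user, "root", PEERUSER_MAX)) {`. The rejection path also uses `break`, which appears to leave the enclosing loop (its start is outside the hunk), so a single unprivileged connection attempt would stop the daemon from serving further iscsid requests; `continue;` after `close(s2);`, as in the error path just above, keeps the loop running. Logging the rejected uid or user name in the LOG_ERR line would make such attempts easier to audit.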
-- 
1.9.1