Use lchown() instead of chown() for self-created files

There is no need to allow symlink dereferencing in these cases where a
file (including directories and sockets) is created by the same
process, so use the safer lchown() variant to avoid leaving potential
windows for something external to replace the file before the chown()
call. The particular locations used here should not have write
permissions enabled for processes with fewer privileges, so this may not
be needed, but anyway, it is better to make these more restrictive
should there be cases where directory permissions are not as expected
for a good deployment.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 2019-01-06 20:28:04 +02:00
parent b686745c76
commit 02f52ab6f5
4 changed files with 24 additions and 24 deletions


@ -3506,18 +3506,18 @@ fail:
} }
if (hapd->conf->ctrl_interface_gid_set && if (hapd->conf->ctrl_interface_gid_set &&
chown(hapd->conf->ctrl_interface, -1, lchown(hapd->conf->ctrl_interface, -1,
hapd->conf->ctrl_interface_gid) < 0) { hapd->conf->ctrl_interface_gid) < 0) {
wpa_printf(MSG_ERROR, "chown[ctrl_interface]: %s", wpa_printf(MSG_ERROR, "lchown[ctrl_interface]: %s",
strerror(errno)); strerror(errno));
return -1; return -1;
} }
if (!hapd->conf->ctrl_interface_gid_set && if (!hapd->conf->ctrl_interface_gid_set &&
hapd->iface->interfaces->ctrl_iface_group && hapd->iface->interfaces->ctrl_iface_group &&
chown(hapd->conf->ctrl_interface, -1, lchown(hapd->conf->ctrl_interface, -1,
hapd->iface->interfaces->ctrl_iface_group) < 0) { hapd->iface->interfaces->ctrl_iface_group) < 0) {
wpa_printf(MSG_ERROR, "chown[ctrl_interface]: %s", wpa_printf(MSG_ERROR, "lchown[ctrl_interface]: %s",
strerror(errno)); strerror(errno));
return -1; return -1;
} }
@ -3590,16 +3590,16 @@ fail:
} }
if (hapd->conf->ctrl_interface_gid_set && if (hapd->conf->ctrl_interface_gid_set &&
chown(fname, -1, hapd->conf->ctrl_interface_gid) < 0) { lchown(fname, -1, hapd->conf->ctrl_interface_gid) < 0) {
wpa_printf(MSG_ERROR, "chown[ctrl_interface/ifname]: %s", wpa_printf(MSG_ERROR, "lchown[ctrl_interface/ifname]: %s",
strerror(errno)); strerror(errno));
goto fail; goto fail;
} }
if (!hapd->conf->ctrl_interface_gid_set && if (!hapd->conf->ctrl_interface_gid_set &&
hapd->iface->interfaces->ctrl_iface_group && hapd->iface->interfaces->ctrl_iface_group &&
chown(fname, -1, hapd->iface->interfaces->ctrl_iface_group) < 0) { lchown(fname, -1, hapd->iface->interfaces->ctrl_iface_group) < 0) {
wpa_printf(MSG_ERROR, "chown[ctrl_interface/ifname]: %s", wpa_printf(MSG_ERROR, "lchown[ctrl_interface/ifname]: %s",
strerror(errno)); strerror(errno));
goto fail; goto fail;
} }
@ -4273,9 +4273,9 @@ fail:
goto fail; goto fail;
} }
} else if (interface->ctrl_iface_group && } else if (interface->ctrl_iface_group &&
chown(interface->global_iface_path, -1, lchown(interface->global_iface_path, -1,
interface->ctrl_iface_group) < 0) { interface->ctrl_iface_group) < 0) {
wpa_printf(MSG_ERROR, "chown[ctrl_interface]: %s", wpa_printf(MSG_ERROR, "lchown[ctrl_interface]: %s",
strerror(errno)); strerror(errno));
goto fail; goto fail;
} }
@ -4332,8 +4332,8 @@ fail:
} }
if (interface->ctrl_iface_group && if (interface->ctrl_iface_group &&
chown(fname, -1, interface->ctrl_iface_group) < 0) { lchown(fname, -1, interface->ctrl_iface_group) < 0) {
wpa_printf(MSG_ERROR, "chown[ctrl_interface]: %s", wpa_printf(MSG_ERROR, "lchown[ctrl_interface]: %s",
strerror(errno)); strerror(errno));
goto fail; goto fail;
} }
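Review bot: The `lchown(fname, ...)` calls in the hunks at 3590 and 4332 protect only the last path component; every directory above it, including the ctrl_interface directory handled in the hunk at 3506, is still resolved through symlinks. The hardening therefore relies on that directory being writable only by the privileged user, which the commit message already assumes. I would record this next to the first `fname` call: `/* lchown() does not follow a symlink at fname itself, but parent directories are still followed; ctrl_interface must not be writable by less privileged users */`. The enclosing functions begin and end outside these hunks, so any earlier check of the directory is not visible here.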


@ -117,8 +117,8 @@ static int android_update_permission(const char *path, mode_t mode)
/* Allow processes running with Group ID as AID_WIFI, /* Allow processes running with Group ID as AID_WIFI,
* to read files from SP, SP/<fqdn>, Cert and osu-info directories */ * to read files from SP, SP/<fqdn>, Cert and osu-info directories */
if (chown(path, -1, AID_WIFI)) { if (lchown(path, -1, AID_WIFI)) {
wpa_printf(MSG_INFO, "CTRL: Could not chown directory: %s", wpa_printf(MSG_INFO, "CTRL: Could not lchown directory: %s",
strerror(errno)); strerror(errno));
return -1; return -1;
} }
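Review bot: Only the ownership change is hardened here, while the `mode` parameter in the hunk header suggests the rest of android_update_permission() also applies permissions by path. If it does so with `chmod(path, mode)` (that call is outside the hunk, so this is inferred), a symlink at `path` would still be followed there. Where the file type allows it, opening `path` with `O_NOFOLLOW` and using `fchown()`/`fchmod()` on the descriptor would cover both steps with one resolution of the name. At minimum I would add a comment above this call such as `/* lchown() does not follow a symlink at path; any later chmod(path, ...) still does */`.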


@ -570,8 +570,8 @@ static int wpas_ctrl_iface_open_sock(struct wpa_supplicant *wpa_s,
} }
} }
if (gid_set && chown(dir, -1, gid) < 0) { if (gid_set && lchown(dir, -1, gid) < 0) {
wpa_printf(MSG_ERROR, "chown[ctrl_interface=%s,gid=%d]: %s", wpa_printf(MSG_ERROR, "lchown[ctrl_interface=%s,gid=%d]: %s",
dir, (int) gid, strerror(errno)); dir, (int) gid, strerror(errno));
goto fail; goto fail;
} }
@ -638,8 +638,8 @@ static int wpas_ctrl_iface_open_sock(struct wpa_supplicant *wpa_s,
} }
} }
if (gid_set && chown(fname, -1, gid) < 0) { if (gid_set && lchown(fname, -1, gid) < 0) {
wpa_printf(MSG_ERROR, "chown[ctrl_interface=%s,gid=%d]: %s", wpa_printf(MSG_ERROR, "lchown[ctrl_interface=%s,gid=%d]: %s",
fname, (int) gid, strerror(errno)); fname, (int) gid, strerror(errno));
goto fail; goto fail;
} }
@ -1235,9 +1235,9 @@ static int wpas_global_ctrl_iface_open_sock(struct wpa_global *global,
wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d", wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d",
(int) gid); (int) gid);
} }
if (chown(ctrl, -1, gid) < 0) { if (lchown(ctrl, -1, gid) < 0) {
wpa_printf(MSG_ERROR, wpa_printf(MSG_ERROR,
"chown[global_ctrl_interface=%s,gid=%d]: %s", "lchown[global_ctrl_interface=%s,gid=%d]: %s",
ctrl, (int) gid, strerror(errno)); ctrl, (int) gid, strerror(errno));
goto fail; goto fail;
} }
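Review bot: In the hunk at 570, `lchown(dir, -1, gid)` returns success when `dir` is itself a symlink, changing the group of the link rather than of the directory behind it. If `dir` can already exist when this code runs (the mkdir handling is outside the hunk), a deployment that points ctrl_interface at a symlinked directory would keep the old group on the real directory with no log message. An explicit check before the call would make that case visible, using a local `struct stat st`: `if (lstat(dir, &st) == 0 && S_ISLNK(st.st_mode)) { wpa_printf(MSG_ERROR, "ctrl_interface=%s is a symlink", dir); goto fail; }`. The same may apply to `ctrl` in the hunk at 1235, depending on how that path is created.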


@ -431,7 +431,7 @@ static void hs20_set_osu_access_permission(const char *osu_dir,
return; return;
} }
if (chown(fname, statbuf.st_uid, statbuf.st_gid) < 0) { if (lchown(fname, statbuf.st_uid, statbuf.st_gid) < 0) {
wpa_printf(MSG_WARNING, "Cannot change the ownership for %s", wpa_printf(MSG_WARNING, "Cannot change the ownership for %s",
fname); fname);
} }