colin/NetworkManager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

2005-06-22 Robert Love <rml@novell.com>

Browse Source 
* dispatcher-daemon/NetworkManagerDispatcher.c: fix FIXME: check
          permissions of scripts before executing.


git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@737 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
This commit is contained in:
Robert Love
2005-06-23 02:49:01 +00:00
committed by Robert Love
parent 24994eab84
commit e12bdee314
2 changed files with 41 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
ChangeLog
View File

@@ -1,3 +1,8 @@
2005-06-22 Robert Love <rml@novell.com>
* dispatcher-daemon/NetworkManagerDispatcher.c: fix FIXME: check
permissions of scripts before executing.
2005-06-21 Robert Love <rml@novell.com> 2005-06-21 Robert Love <rml@novell.com>
* initscript/SUSE/networkmanager: update. * initscript/SUSE/networkmanager: update.

43
dispatcher-daemon/NetworkManagerDispatcher.c
View File

@@ -50,13 +50,40 @@ typedef enum NMDAction NMDAction;
#define NM_SCRIPT_DIR "/etc/NetworkManager/dispatcher.d" #define NM_SCRIPT_DIR "/etc/NetworkManager/dispatcher.d"
/*
* nmd_permission_check
*
* Verify that the given script has the permissions we want. Specifically,
* very that the file is
* - A regular file.
* - Owned by root.
* - Not writable by the group or by other.
* - Not setuid.
* - Executable by the owner.
*
*/
static inline gboolean nmd_permission_check (struct stat *s)
{
if (!S_ISREG (s->st_mode))
return FALSE;
if (s->st_uid != 0)
return FALSE;
if (s->st_mode & (S_IWGRP|S_IWOTH|S_ISUID))
return FALSE;
if (!(s->st_mode & S_IXUSR))
return FALSE;
return TRUE;
}
/* /*
* nmd_execute_scripts * nmd_execute_scripts
* *
* Call scripts in /etc/NetworkManager.d when devices go down or up * Call scripts in /etc/NetworkManager.d when devices go down or up
* *
*/ */
void nmd_execute_scripts (NMDAction action, char *iface_name) static void nmd_execute_scripts (NMDAction action, char *iface_name)
{ {
GDir * dir; GDir * dir;
const char * file_name; const char * file_name;
@@ -82,17 +109,15 @@ void nmd_execute_scripts (NMDAction action, char *iface_name)
if ((file_name[0] != '.') && (stat (file_path, &s) == 0)) if ((file_name[0] != '.') && (stat (file_path, &s) == 0))
{ {
/* FIXME if (nmd_permission_check (&s))
* We should check the permissions and only execute files that
* are 0700 or 0500.
*/
if (S_ISREG (s.st_mode) && !S_ISLNK (s.st_mode) && (s.st_uid == 0))
{ {
int x;
char *cmd; char *cmd;
int ret;
cmd = g_strdup_printf ("%s %s %s", file_path, iface_name, char_act); cmd = g_strdup_printf ("%s %s %s", file_path, iface_name, char_act);
x = system (cmd); ret = system (cmd);
if (ret == -1)
nm_warning ("nmd_execute_scripts(): system() failed with errno = %d", errno);
g_free (cmd); g_free (cmd);
} }
} }
@@ -109,7 +134,7 @@ void nmd_execute_scripts (NMDAction action, char *iface_name)
* *
* Queries NetworkManager for the name of a device, specified by a device path * Queries NetworkManager for the name of a device, specified by a device path
*/ */
char * nmd_get_device_name (DBusConnection *connection, char *path) static char * nmd_get_device_name (DBusConnection *connection, char *path)
{ {
DBusMessage * message; DBusMessage * message;
DBusMessage * reply; DBusMessage * reply;