From 49efcc8976fbc05ecfd7d9884c5f7bee0a79dfb9 Mon Sep 17 00:00:00 2001 From: "kestes%staff.mail.com" Date: Thu, 4 Jan 2001 00:31:20 +0000 Subject: [PATCH] add more documentation to top of file explaining what file does. add strict checks on directories, so that there is no security problem with our data. treat special ids and groups as if they are root, now its a fatal error. --- webtools/tinderbox2/src/lib/Utils.pm | 71 ++++++++++++++++++++++------ 1 file changed, 56 insertions(+), 15 deletions(-) diff --git a/webtools/tinderbox2/src/lib/Utils.pm b/webtools/tinderbox2/src/lib/Utils.pm index 6ee7e71ba08a..a854931adf55 100755 --- a/webtools/tinderbox2/src/lib/Utils.pm +++ b/webtools/tinderbox2/src/lib/Utils.pm @@ -1,10 +1,10 @@ # -*- Mode: perl; indent-tabs-mode: nil -*- -# General purpose utility functions. Every project needs a kludge -# bucket for common access. +# Utils.pm - General purpose utility functions. Every project needs a +# kludge bucket for common access. -# $Revision: 1.8 $ -# $Date: 2000/11/29 21:11:50 $ +# $Revision: 1.9 $ +# $Date: 2001/01/04 00:31:20 $ # $Author: kestes%staff.mail.com $ # $Source: /home/hwine/cvs_conversion/cvsroot/mozilla/webtools/tinderbox2/src/lib/Utils.pm,v $ # $Name: $ @@ -52,6 +52,33 @@ use Time::Local; +# check that the data directories exists and meet the security policy. + +sub security_check_data_dir { + my ($dir) = (@_); + + ( -l $dir ) && + die("Security Error. dir: $dir is a symbolic link\n"); + + mkdir_R($dir); + + ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size, + $atime,$mtime,$ctime,$blksize,$blocks) = + stat ($dir); + + my $tinderbox_uid = $<; + +# ( $uid == $tinderbox_uid ) || +# die("Security Error. dir: $dir is not owned by ". +# "the tinderbox id: $tinderbox_uid\n"); + +# ( $mode & 02) && +# die("Security Error. dir: $dir is writable by other\n"); + + return 1; +} + + sub set_static_vars { # This functions sets all the static variables which are often @@ -151,17 +178,29 @@ sub get_env { # check both real and effective uid of the process to see if we have # been configured to run with too much privileges. - ( $< == 0 ) && + ( $< >= 100 ) || die("Security Error. Must not run this program as root\n"); - ( $> == 0 ) && + ( $> >= 100 ) || die("Security Error. Must not run this program as root\n"); + # check both real and effective gid of the process to see if we have + # been configured to run with too much privileges. + + ( $( >= 10 ) || + die("Security Error. Must not run this program as group root\n"); + + ( $) >= 10 ) || + die("Security Error. Must not run this program as group root\n"); + + my ($logdir) = File::Basename::dirname($ERROR_LOG); mkdir_R($logdir); + security_check_data_dir($logdir); my ($lockdir) = File::Basename::dirname($LOCK_FILE); mkdir_R($lockdir); + security_check_data_dir($lockdir); my (@trees) = TreeData::get_all_trees(); foreach $tree (@trees) { @@ -169,10 +208,10 @@ sub get_env { my ($dir); $dir = FileStructure::get_filename($tree, 'TinderDB_Dir'); - mkdir_R($dir, 0777); - + security_check_data_dir($dir); + $dir = FileStructure::get_filename($tree, 'TinderHeader_Dir'); - mkdir_R($dir, 0777); + security_check_data_dir($dir); } @@ -238,17 +277,19 @@ sub mkdir_R { (-d $dir) && return ; - $mode = $mode || 0755; + my ($default_new_dir_mode) = 0755; + + $mode = $mode || $default_new_dir_mode; my @dir = split('/', $dir); foreach $i (0..$#dir) { - my ($dir) = join('/', @dir[0..$i]); - ($dir) || next; + my ($dir_prefix) = join('/', @dir[0..$i]); + ($dir_prefix) || next; - (-d $dir) || - mkdir ($dir, $mode) || - die("Could not mkdir: $dir, for writing: $!\n"); + (-d $dir_prefix) || + mkdir ($dir_prefix, $mode) || + die("Could not mkdir: $dir_prefix, for writing: $!\n"); } return 1;