authorCzarnowski, Przemyslaw <przemyslaw.hawrylewicz.czarnowski@intel.com>2020-07-23 19:13:11 +0300
committerCzarnowski, Przemyslaw <przemyslaw.hawrylewicz.czarnowski@intel.com>2020-07-23 20:00:54 +0300
commit2428b6eed51e30a324148529eb6429a9d474f857 (patch)
treeea3885d53df4ba1e2090f621d8729ba2c8f57662
parent52fe77517629012769b9d59ecdab37cad08b8711 (diff)
downloadvirtual-media-2428b6eed51e30a324148529eb6429a9d474f857.tar.xz
Assure rigth permissions for files
According to security guidelines, files created by the service must be limited to the narrowest set of permissions required. This must also be true for 3rd-party files used by Virtual Media. - For all regular files and directories created by the service, umask is used. - For sockets, permissions are limited by the permissions of the parent directory. For the full reference see man unix(7). Below is the most important fragment: "In the Linux implementation, sockets which are visible in the filesystem honor the permissions of the directory they are in. Their owner, group and their permissions can be changed. Creation of a new socket will fail if the process does not have write and search (execute) permission on the directory the socket is created in. Connecting to the socket object requires read/write permission. This behavior differs from many BSD-derived systems which ignore permissions for UNIX domain sockets. Portable programs should not rely on this feature for security." Change-Id: I22ff531c96c8a6903fecb5d8cc71caf33150a713 Signed-off-by: Czarnowski, Przemyslaw <przemyslaw.hawrylewicz.czarnowski@intel.com>
-rw-r--r--src/configuration.hpp4
-rw-r--r--src/main.cpp18
-rw-r--r--virtual-media.json8
3 files changed, 26 insertions, 4 deletions
diff --git a/src/configuration.hpp b/src/configuration.hpp
index 25f9855..c29e133 100644
--- a/src/configuration.hpp
+++ b/src/configuration.hpp
@@ -3,6 +3,8 @@
#include "logger.hpp"
#include "system.hpp"
+#include <sys/types.h>
+
#include <algorithm>
#include <boost/container/flat_map.hpp>
#include <iostream>
@@ -27,6 +29,8 @@ class Configuration
legacy = 1,
};
+ static constexpr mode_t defaultUmask = 077;
+
struct MountPoint
{
static constexpr int defaultTimeout = 30;
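Review bot: `defaultUmask = 077` on the added line is an octal literal that clears every group and other permission bit, but nothing says so, and a later edit to `77` (decimal) or `0x77` would silently widen access; a comment such as `// octal: bits to REMOVE from new files' mode (strips all group/other access)` would make both the radix and the "mask, not grant" semantics explicit. This constant is the value handed to `umask()` in main.cpp, so its meaning is the set of permissions denied, not the permissions granted. The enclosing class Configuration starts and ends outside this hunk.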
diff --git a/src/main.cpp b/src/main.cpp
index 49dab24..a20c68a 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -4,6 +4,8 @@
#include "system.hpp"
#include <sys/mount.h>
+#include <sys/stat.h>
+#include <sys/types.h>
#include <boost/asio.hpp>
#include <boost/asio/buffer.hpp>
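Review bot: The new code in main() calls `std::filesystem::create_directories` and `std::filesystem::temp_directory_path`, yet this include block adds only `<sys/stat.h>` and `<sys/types.h>`; unless `<filesystem>` already arrives through `system.hpp` or another project header (not visible here), add `#include <filesystem>` beside the Boost headers so the translation unit does not rely on a transitive include. `<sys/stat.h>` is the correct header for `umask()` and `<sys/types.h>` for `mode_t`, so those two additions are right.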
@@ -76,6 +78,22 @@ int main()
if (!config.valid)
return -1;
+ // setup secure ownership for newly created files (always succeeds)
+ umask(Configuration::defaultUmask);
+
+ // Create directory with limited access rights to hold sockets
+ try
+ {
+ std::filesystem::create_directories(
+ std::filesystem::temp_directory_path() / "sock");
+ }
+ catch (std::filesystem::filesystem_error& e)
+ {
+ LogMsg(Logger::Error,
+ "Cannot create secure directory for sockets: ", e.what());
+ return -1;
+ }
+
boost::asio::io_context ioc;
boost::asio::signal_set signals(ioc, SIGINT, SIGTERM);
signals.async_wait(
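Review bot: The `create_directories` call at lines 58-59 succeeds silently when the `sock` directory already exists, so in a sticky-bit, world-writable `/tmp` another local user or a stale run can pre-create `sock` (or plant a symlink of that name) with wider permissions, the umask is never applied to it, and the sockets then inherit whatever that directory allows — which is precisely the unix(7) guarantee the commit message relies on. After creation the path should be checked with `lstat` to be a real directory, owned by the current effective uid, with no group/other bits, and the service should fail closed otherwise (this needs `#include <unistd.h>` for `geteuid`). Separately, `std::filesystem::temp_directory_path()` honors TMPDIR/TMP/TEMP/TEMPDIR while virtual-media.json in this same commit hardcodes `/tmp/sock/…`, so an environment with a different temp dir creates the directory somewhere the configured socket paths never use; derive both from one source. The comment on line 52 says "secure ownership" but `umask` only affects permission bits; `// restrict permission bits of every file the service creates (umask cannot fail)` is accurate. main() continues past the end of this hunk.
```cpp
    // restrict permission bits of every file the service creates (umask cannot fail)
    umask(Configuration::defaultUmask);

    // Create directory with limited access rights to hold sockets, then verify
    // nobody pre-created it (or a symlink) with wider access in the tmp dir.
    const auto sockDir = std::filesystem::temp_directory_path() / "sock";
    try
    {
        std::filesystem::create_directories(sockDir);
    }
    catch (const std::filesystem::filesystem_error& e)
    {
        // … unchanged: log the error and return -1 …
    }
    struct stat st{};
    if (lstat(sockDir.c_str(), &st) != 0 || !S_ISDIR(st.st_mode) ||
        st.st_uid != geteuid() || (st.st_mode & (S_IRWXG | S_IRWXO)) != 0)
    {
        LogMsg(Logger::Error, "Socket directory ", sockDir.string(),
               " is missing, not a directory, not ours, or accessible by others");
        return -1;
    }
```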
diff --git a/virtual-media.json b/virtual-media.json
index 602ba1e..c5c53ed 100644
--- a/virtual-media.json
+++ b/virtual-media.json
@@ -5,7 +5,7 @@
"EndpointId": "/nbd/0",
"Mode": 0,
"NBDDevice": "nbd0",
- "UnixSocket": "/tmp/nbd0.sock",
+ "UnixSocket": "/tmp/sock/nbd0.sock",
"Timeout": 30,
"BlockSize": 512
},
@@ -13,7 +13,7 @@
"EndpointId": "/nbd/1",
"Mode": 0,
"NBDDevice": "nbd1",
- "UnixSocket": "/tmp/nbd1.sock",
+ "UnixSocket": "/tmp/sock/nbd1.sock",
"Timeout": 30,
"BlockSize": 512
},
@@ -21,7 +21,7 @@
"EndpointId": "",
"Mode": 1,
"NBDDevice": "nbd2",
- "UnixSocket": "/tmp/nbd2.sock",
+ "UnixSocket": "/tmp/sock/nbd2.sock",
"Timeout": 90,
"BlockSize": 512
},
@@ -29,7 +29,7 @@
"EndpointId": "",
"Mode": 1,
"NBDDevice": "nbd3",
- "UnixSocket": "/tmp/nbd3.sock",
+ "UnixSocket": "/tmp/sock/nbd3.sock",
"Timeout": 90,
"BlockSize": 512
}