Merge remote-tracking branch 'joanna/release2' into release2

Conflicts:
	version
This commit is contained in:
Marek Marczykowski-Górecki 2015-01-21 06:38:43 +01:00
commit 6ce1e945f3
3 changed files with 47 additions and 7 deletions

7
debian/changelog vendored
View File

@ -1,3 +1,10 @@
qubes-core-agent (2.1.50) jessie; urgency=medium
* filecopy: prevent files/dirs movement outside incoming directory
during transfer
-- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> Sun, 18 Jan 2015 18:07:07 +0100
qubes-core-agent (2.1.49) jessie; urgency=medium
* fedora: Fix iptables config install script

View File

@ -5,6 +5,9 @@
#include <stdlib.h>
#include <pwd.h>
#include <sys/stat.h>
#include <sys/mount.h>
#include <sys/wait.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>
#include <sys/fsuid.h>
@ -34,8 +37,11 @@ int prepare_creds_return_uid(const char *username)
int main(int argc __attribute((__unused__)), char ** argv __attribute__((__unused__)))
{
char *incoming_dir;
int uid;
int uid, ret;
pid_t pid;
const char *remote_domain;
char *procdir_path;
int procfs_fd;
uid = prepare_creds_return_uid("user");
@ -50,9 +56,36 @@ int main(int argc __attribute((__unused__)), char ** argv __attribute__((__unuse
mkdir(incoming_dir, 0700);
if (chdir(incoming_dir))
gui_fatal("Error chdir to %s", incoming_dir);
if (chroot(incoming_dir)) //impossible
gui_fatal("Error chroot to %s", incoming_dir);
if (setuid(uid) < 0)
gui_fatal("Error changing permissions to '%s'", "user");
return do_unpack();
if (mount(".", ".", NULL, MS_BIND | MS_NODEV | MS_NOEXEC | MS_NOSUID, NULL) < 0)
gui_fatal("Failed to mount a directory %s", incoming_dir);
/* parse the input in unprivileged child process, parent will hold root
* access to unmount incoming dir */
switch (pid=fork()) {
case -1:
gui_fatal("Failed to create new process");
case 0:
asprintf(&procdir_path, "/proc/%d/fd", getpid());
procfs_fd = open(procdir_path, O_DIRECTORY | O_RDONLY);
if (procfs_fd < 0)
gui_fatal("Failed to open /proc");
free(procdir_path);
set_procfs_fd(procfs_fd);
if (chroot("."))
gui_fatal("Error chroot to %s", incoming_dir);
if (setuid(uid) < 0) {
/* no kdialog inside chroot */
perror("setuid");
exit(1);
}
return do_unpack();
}
if (waitpid(pid, &ret, 0) < 0) {
gui_fatal("Failed to wait for child process");
}
if (umount2(".", MNT_DETACH) < 0)
gui_fatal("Cannot umount incoming directory");
return ret;
}

View File

@ -1 +1 @@
2.1.49.1
2.1.50