From nobody Mon Feb 26 18:14:34 2024 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Tk80F4WHcz5Bv0b for ; Mon, 26 Feb 2024 18:14:37 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: from mail-oa1-x35.google.com (mail-oa1-x35.google.com [IPv6:2001:4860:4864:20::35]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Tk80F2jxzz4mgb for ; Mon, 26 Feb 2024 18:14:37 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Authentication-Results: mx1.freebsd.org; none Received: by mail-oa1-x35.google.com with SMTP id 586e51a60fabf-21f70f72fb5so2314850fac.1 for ; Mon, 26 Feb 2024 10:14:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hardenedbsd.org; s=google; t=1708971276; x=1709576076; darn=freebsd.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=PDYV1pNznPfOI6LQC7ytV1Z60kvi0s9XnRkGd4hF2pI=; b=T3wD4+hAoPXoqHWI8RcViYY3wnP32g+O+ova6Ca5B/EXb6jP21XbtouDswO4J5qReC pi7tQahMkHi8rY0EYoe0FdNi/IzH2muazFOGD+yZlFNyZwyH+omQOMOtkbfvqgCDd5XD YiCAbxGbvfZCUifOysJ8Lr4y/2xWfmtFERgK9BE5nNuoh8qrFS2slYT7TE+mzsFQLzWJ 3BgXNnJV9ZlSXxIhDOZZdmGo3tRpzlhkfL+ELRIK3foPperHHByYjfg9qiVaWM1VIPD8 GxLLSO90OsTikGxmOpZStjTt/xkegcwZObXQ6obYYOAymyTD4mnQWRNff3B/Momi6w8p EnUA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708971276; x=1709576076; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=PDYV1pNznPfOI6LQC7ytV1Z60kvi0s9XnRkGd4hF2pI=; b=XlJJ6VpXcnLv0QHfBLAFteTCPrs60aYvJ8wN5oKZnT4GTAZblleuS+AR8sb4bIb2Ko +M4211Ijtn/tClzPhX5UkqisPK5fNh96Vt4UHXt8POrb5BxuRsNMjSsCEp44e9IIFSgH jke/aYhWNEFnXxfsLwMan/sg0bhxdCzj+qx1t2yCDvaSSb2ZZAjzKf1b/PxgomcO2T/M ptXi9MN/e5hhqsLMjjm4Fu8NdqQU7BU6oPHnuVjV5pg8Ig/LJAzt8S2MTcNcKFZgpKp4 4S1U2dombv6h5VlmdCN4M9fOCdXHUlZvqIQFC+GARO535G8M55vAW+ZCCJ0Rn+sANYzX Jg7w== X-Forwarded-Encrypted: i=1; AJvYcCXUoVm6OPFANYveC6T40HZZlTIf18QMAN0EUjabfEwmC24prU5dz43xSXxzD3Q2uFpJXtjAPVpdzhw/MFl9MWyCSJb/GqmcEsiXewR/u4sk X-Gm-Message-State: AOJu0YzdILUzCJS8QSeMMq1ibjQRKo/VYg13di0WPexqdkduJTt2p3Et aPNlCksD0cNIurtL4QqYSciDxtT+A8G7wcm6NrXgUFKcpNmOT1PvqgB2BiVQRHs= X-Google-Smtp-Source: AGHT+IFFPH4XUAcoeTW7eMPbrzVRnu800MrURqSKCUaaX3xVvHkXzM9Gwc2Rd5dacUoPzb+ZplSKSg== X-Received: by 2002:a05:6870:c115:b0:21f:a837:500c with SMTP id f21-20020a056870c11500b0021fa837500cmr8972942oad.34.1708971276163; Mon, 26 Feb 2024 10:14:36 -0800 (PST) Received: from mutt-hbsd (174-24-72-211.clsp.qwest.net. [174.24.72.211]) by smtp.gmail.com with ESMTPSA id l28-20020a0568301d7c00b006e4539f3af4sm1188762oti.71.2024.02.26.10.14.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 26 Feb 2024 10:14:35 -0800 (PST) Date: Mon, 26 Feb 2024 18:14:34 +0000 From: Shawn Webb To: Emmanuel Vadot Cc: src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Subject: Re: git: 6e69612d5df1 - main - pam: Add pam_xdg module Message-ID: <2zwthawswhf5surxumjhhmvqpg6bauwl7ucog5kv3d33bej4ai@tpqxvtitsnt4> X-Operating-System: FreeBSD mutt-hbsd 15.0-CURRENT-HBSD FreeBSD 15.0-CURRENT-HBSD X-PGP-Key: https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/blob/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc References: <202402261735.41QHZvL1027958@gitrepo.freebsd.org> List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="b5b3qdh2angfxah3" Content-Disposition: inline In-Reply-To: <202402261735.41QHZvL1027958@gitrepo.freebsd.org> X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:2001:4860:4864::/48, country:US] X-Rspamd-Queue-Id: 4Tk80F2jxzz4mgb --b5b3qdh2angfxah3 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Feb 26, 2024 at 05:35:57PM +0000, Emmanuel Vadot wrote: > The branch main has been updated by manu: >=20 > URL: https://cgit.FreeBSD.org/src/commit/?id=3D6e69612d5df1c1d5bd86990ea4= d9a170c030b292 >=20 > commit 6e69612d5df1c1d5bd86990ea4d9a170c030b292 > Author: Emmanuel Vadot > AuthorDate: 2024-02-21 14:51:05 +0000 > Commit: Emmanuel Vadot > CommitDate: 2024-02-26 17:34:52 +0000 >=20 > pam: Add pam_xdg module > =20 > This is a module to setup the XDG directories and environment variabl= es. > For now the only usage is to have a XDG_RUNTIME_DIR environment setup= at > user login. > All other environment variable have a default fallback so no need to = export > them in this module. > The directory is created according to the XDG Base directory specific= ation. > =20 > The default base directory is /var/run/xdg/ but can be conf= igured > using the runtime_dir=3D module option. > =20 > According to the spec the directory *must* not survive a reboot so ad= ding > var_run_enable=3D"YES" to rc.conf is highly recommanded. > =20 > Reviewed by: des, pauamma (manpages) > Differential Revision: https://reviews.freebsd.org/D44011 > Sponsored by: Beckhoff Automation GmbH & Co. KG > --- > lib/libpam/modules/modules.inc | 1 + > lib/libpam/modules/pam_xdg/Makefile | 6 + > lib/libpam/modules/pam_xdg/pam_xdg.8 | 56 +++++++ > lib/libpam/modules/pam_xdg/pam_xdg.c | 311 +++++++++++++++++++++++++++++= ++++++ > 4 files changed, 374 insertions(+) [snip] > diff --git a/lib/libpam/modules/pam_xdg/pam_xdg.c b/lib/libpam/modules/pa= m_xdg/pam_xdg.c > new file mode 100644 > index 000000000000..40012fe463e0 > --- /dev/null > +++ b/lib/libpam/modules/pam_xdg/pam_xdg.c > @@ -0,0 +1,311 @@ > +/*- > + * SPDX-License-Identifier: BSD-2-Clause > + * > + * Copyright (c) 2024 Beckhoff Automation GmbH & Co. KG > + * > + * Redistribution and use in source and binary forms, with or without > + * modification, are permitted provided that the following conditions > + * are met: > + * 1. Redistributions of source code must retain the above copyright > + * notice, this list of conditions and the following disclaimer. > + * 2. Redistributions in binary form must reproduce the above copyright > + * notice, this list of conditions and the following disclaimer in the > + * documentation and/or other materials provided with the distributio= n. > + * > + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND > + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE > + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PU= RPOSE > + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIAB= LE > + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUE= NTIAL > + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOO= DS > + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) > + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, S= TRICT > + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY= WAY > + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF > + * SUCH DAMAGE. > + */ > + > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > + > +#define PAM_SM_SESSION > + > +#include > +#include > +#include > + > +#define BASE_RUNTIME_DIR_PREFIX "/var/run/xdg" > +#define RUNTIME_DIR_PREFIX runtime_dir_prefix !=3D NULL ? runtime_dir_pr= efix : BASE_RUNTIME_DIR_PREFIX > + > +#define RUNTIME_DIR_PREFIX_MODE 0711 > +#define RUNTIME_DIR_MODE 0700 /* XDG spec */ > + > +#define XDG_MAX_SESSION 100 /* Arbitrary limit because we need one */ > + > +static int > +_pam_xdg_open(pam_handle_t *pamh, int flags __unused, > + int argc __unused, const char *argv[] __unused) > +{ > + struct passwd *passwd; > + const char *user; > + const char *runtime_dir_prefix; > + struct stat sb; > + char *runtime_dir =3D NULL; > + char *xdg_session_file; > + int rv, rt_dir_prefix, rt_dir, session_file, i; > + > + session_file =3D -1; > + rt_dir_prefix =3D -1; > + runtime_dir_prefix =3D openpam_get_option(pamh, "runtime_dir_prefix"); > + > + /* Get user info */ > + rv =3D pam_get_item(pamh, PAM_USER, (const void **)&user); > + if (rv !=3D PAM_SUCCESS) { > + PAM_VERBOSE_ERROR("Can't get user information"); > + goto out; > + } > + if ((passwd =3D getpwnam(user)) =3D=3D NULL) { > + PAM_VERBOSE_ERROR("Can't get user information"); > + rv =3D PAM_SESSION_ERR; > + goto out; > + } > + > + /* Open or create the base xdg directory */ > + rt_dir_prefix =3D open(RUNTIME_DIR_PREFIX, O_DIRECTORY | O_NOFOLLOW); > + if (rt_dir_prefix < 0) { > + rt_dir_prefix =3D mkdir(RUNTIME_DIR_PREFIX, RUNTIME_DIR_PREFIX_MODE); > + if (rt_dir_prefix !=3D 0) { > + PAM_VERBOSE_ERROR("Can't mkdir %s", RUNTIME_DIR_PREFIX); > + rv =3D PAM_SESSION_ERR; > + goto out; > + } > + rt_dir_prefix =3D open(RUNTIME_DIR_PREFIX, O_DIRECTORY | O_NOFOLLOW); > + } > + > + /* Open or create the user xdg directory */ > + rt_dir =3D openat(rt_dir_prefix, user, O_DIRECTORY | O_NOFOLLOW); > + if (rt_dir < 0) { > + rt_dir =3D mkdirat(rt_dir_prefix, user, RUNTIME_DIR_MODE); > + if (rt_dir !=3D 0) { > + PAM_VERBOSE_ERROR("mkdir: %s/%s (%d)", RUNTIME_DIR_PREFIX, user, rt_d= ir); > + rv =3D PAM_SESSION_ERR; > + goto out; > + } > + rv =3D fchownat(rt_dir_prefix, user, passwd->pw_uid, passwd->pw_gid, 0= ); > + if (rv !=3D 0) { > + PAM_VERBOSE_ERROR("fchownat: %s/%s (%d)", RUNTIME_DIR_PREFIX, user, r= v); > + rv =3D unlinkat(rt_dir_prefix, user, AT_REMOVEDIR); > + if (rv =3D=3D -1) > + PAM_VERBOSE_ERROR("unlinkat: %s/%s (%d)", RUNTIME_DIR_PREFIX, user, = errno); > + rv =3D PAM_SESSION_ERR; > + goto out; > + } > + } else { > + /* Check that the already create dir is correctly owned */ > + rv =3D fstatat(rt_dir_prefix, user, &sb, 0); > + if (rv =3D=3D -1) { > + PAM_VERBOSE_ERROR("fstatat %s/%s failed (%d)", RUNTIME_DIR_PREFIX, us= er, errno); > + rv =3D PAM_SESSION_ERR; > + goto out; > + } > + if (sb.st_uid !=3D passwd->pw_uid || > + sb.st_gid !=3D passwd->pw_gid) { > + PAM_VERBOSE_ERROR("%s/%s isn't owned by %d:%d\n", RUNTIME_DIR_PREFIX,= user, passwd->pw_uid, passwd->pw_gid); > + rv =3D PAM_SESSION_ERR; > + goto out; > + } > + /* Test directory mode */ > + if ((sb.st_mode & 0x1FF) !=3D RUNTIME_DIR_MODE) { > + PAM_VERBOSE_ERROR("%s/%s have wrong mode\n", RUNTIME_DIR_PREFIX, user= ); > + rv =3D PAM_SESSION_ERR; > + goto out; > + } > + } > + > + /* Setup the environment variable */ > + asprintf(&runtime_dir, "XDG_RUNTIME_DIR=3D%s/%s", RUNTIME_DIR_PREFIX, u= ser); > + rv =3D pam_putenv(pamh, runtime_dir); > + if (rv !=3D PAM_SUCCESS) { > + PAM_VERBOSE_ERROR("pam_putenv: failed (%d)", rv); > + rv =3D PAM_SESSION_ERR; > + goto out; > + } > + > + /* Setup the session count file */ > + for (i =3D 0; i < XDG_MAX_SESSION; i++) { > + asprintf(&xdg_session_file, "%s/xdg_session.%d", user, i); If asprintf fails, xdg_session_file will be NULL. > + printf("Trying to open %s\n", xdg_session_file); > + session_file =3D openat(rt_dir_prefix, xdg_session_file, O_CREAT | O_E= XCL, RUNTIME_DIR_MODE); If xdg_session_file is NULL, there is a NULL pointer dereference vulnerability in the above call to openat(2). > + free(xdg_session_file); > + if (session_file >=3D 0) > + break; Thanks, --=20 Shawn Webb Cofounder / Security Engineer HardenedBSD Tor-ified Signal: +1 303-901-1600 https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A= 4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc --b5b3qdh2angfxah3 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEA6TL67gupaZ9nzhT/y5nonf44foFAmXc1P0ACgkQ/y5nonf4 4fpsJA//dsUTrurhgPoofonbjZfhXiv1lXpdSToscxMogUEG1TAsGrMn+cvJPNne 0RUDc9FSuKz7mn/VCDxO9N1dEND9kbyZy2XEc0FJ64GFbM0Lr2eqKfO9Ez3lWI/l P7bSfiD3NONgtlmHQDtYE4PmRi0q8kHq596OvQlOAuADHK2xT5BuOyqsLCZp1aPM Db2zQxqt1+G6J46oOjGMWRaZH1l+ZCH4Q52cl9JDyZ0y7TlHyHCAsqm30e0C/7k+ u1UGBbwSeQYq4btlUBtjS7Yiivse+a65Dmdlz5GvKgf6fWgu144Py8GcV1ilACPQ u0h20GJVsOKqiDdxVHZzZVCsnTyyMMo6ifW31WU9Ob0H14O2p3ftywYIdd8UOirV EC1cuqmgtLcNwmGvn+wuRvmHteqzX+aoMnS/iRceuBK2Pt69AbMMgY1rLv0tQOwK /9k/K8IRVDMU2c3bOZRd6TSpv1579O8uVZhn9agBlJ78nqnsOf9BbCb6yh9wG4Fj cM0tk5KfHqrXWZdxHclg+LwA7aEsjuxsViI5KKPisIrhBIC5ZKu84f7Ki8qsvbt/ 9fyKTPEctzO4cKNJoO/7XGnsWmw56a1ElLjVP0UTkuLBCc/T0C+CZNqLB7LjhFtf 4AjmqJRinqSLJxPQs1E/NMAERZVtu5X01TcDe3tV5mNGlR2Zto8= =jG4B -----END PGP SIGNATURE----- --b5b3qdh2angfxah3--