c35cd9e Add security checks before loading external code. — HardenedBSD-pkg

rad:z3QDZAW2FAfuLvihrhiyDC9fAD8G9

HardenedBSD Package Manager

Add security checks before loading external code.

Julien Laffaye committed 13 years ago

commit c35cd9ebfe95b7c8d1764a4a2f8eecf589f66378
parent be6d1d9

1 file changed +19 -0

modified libpkg/plugins.c

@@ -1,5 +1,6 @@

 /*
  * Copyright (c) 2012 Marin Atanasov Nikolov <dnaeon@gmail.com>
  * Copyright (c) 2012 Julien Laffaye <jlaffaye@FreeBSD.org>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

@@ -217,6 +218,7 @@ pkg_plugins_free(void)

 static int
 pkg_plugins_load(struct pkg_plugins *p)
 {
 	struct stat st;
 	struct sbuf *init_name = NULL;
 	int (*init_func)(void);
 	int rc = EPKG_OK;

@@ -236,6 +238,23 @@ pkg_plugins_load(struct pkg_plugins *p)

 	}
 	/*
 	 * Check file permission of he shared object. To limit security exposure,
 	 * it must be owned by root and in 0444 (readonly) mode.
 	 */
 	if (stat(pluginfile, &st) != 0) {
 		pkg_emit_errno("stat", pluginfile);
 		return (EPKG_FATAL);
 	}
 	if (st.st_uid != 0) {
 		pkg_emit_error("Plugin file %s must be owned by root", pluginfile);
 		return (EPKG_FATAL);
 	}
 	if ((st.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) != 0444) {
 		pkg_emit_error("Plugin file %s must be in mode 444", pluginfile);
 		return (EPKG_FATAL);
 	}
 	/*
 	 * Load the plugin
 	 */
 	if ((p->lh = dlopen(pluginfile, RTLD_LAZY)) == NULL) {