diff options
| author | Alexander Wenzel <Alexander.AW.Wenzel@bmw.de> | 2013-11-26 14:54:58 +0100 |
|---|---|---|
| committer | Alexander Wenzel <Alexander.AW.Wenzel@bmw.de> | 2014-01-10 07:15:38 +0100 |
| commit | 34150c069cb4ec209d6ac9dfe066a77e1073936e (patch) | |
| tree | c6dc9615c012ff932f5b68f7e966de2cd6f88867 | |
| parent | c48c1d23f6b27a459db55d64e87dbbc0394c0cf6 (diff) | |
| download | DLT-daemon-34150c069cb4ec209d6ac9dfe066a77e1073936e.tar.gz | |
Security fix on DLT pipes.
Signed-off-by: Alexander Wenzel <Alexander.AW.Wenzel@bmw.de>
| -rw-r--r-- | src/daemon/dlt-daemon.c | 19 | ||||
| -rw-r--r-- | src/lib/dlt_user.c | 11 | ||||
| -rwxr-xr-x | src/shared/dlt_user_shared_cfg.h | 4 |
3 files changed, 30 insertions, 4 deletions
diff --git a/src/daemon/dlt-daemon.c b/src/daemon/dlt-daemon.c index 53a1ae6..47c395f 100644 --- a/src/daemon/dlt-daemon.c +++ b/src/daemon/dlt-daemon.c @@ -800,10 +800,27 @@ int dlt_daemon_local_connection_init(DltDaemon *daemon, DltDaemonLocal *daemon_l /* open named pipe(FIFO) to receive DLT messages from users */ umask(0); + ret=mkdir(DLT_USER_DIR, S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH | S_ISVTX ); + if (ret==-1 && errno != EEXIST) + { + sprintf(str,"FIFO user dir %s cannot be created!\n", DLT_USER_DIR); + dlt_log(LOG_ERR, str); + return -1; + } + + // S_ISGID cannot be set by mkdir, let's reassign right bits + ret=chmod(DLT_USER_DIR, S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IWGRP | S_IXGRP | S_IROTH | S_IWOTH | S_IXOTH | S_ISGID | S_ISVTX ); + if (ret==-1) + { + sprintf(str,"FIFO user dir %s cannot be chmoded!\n", DLT_USER_DIR); + dlt_log(LOG_ERR, str); + return -1; + } + /* Try to delete existing pipe, ignore result of unlink */ unlink(DLT_USER_FIFO); - ret=mkfifo(DLT_USER_FIFO, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH ); + ret=mkfifo(DLT_USER_FIFO, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP ); if (ret==-1) { sprintf(str,"FIFO user %s cannot be created!\n",DLT_USER_FIFO); diff --git a/src/lib/dlt_user.c b/src/lib/dlt_user.c index e4368f7..867031c 100644 --- a/src/lib/dlt_user.c +++ b/src/lib/dlt_user.c @@ -182,7 +182,7 @@ int dlt_init(void) /* Try to delete existing pipe, ignore result of unlink */ unlink(filename); - ret=mkfifo(filename, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH ); + ret=mkfifo(filename, S_IRUSR | S_IWUSR | S_IWGRP | S_IRGRP ); if (ret==-1) { sprintf(str,"Loging disabled, FIFO user %s cannot be created!\n",filename); @@ -190,6 +190,15 @@ int dlt_init(void) /* return 0; */ /* removed to prevent error, when FIFO already exists */ } + // S_IWGRP cannot be set by mkfifo (???), let's reassign right bits + ret=chmod(filename, S_IRUSR | S_IWUSR | S_IWGRP | S_IRGRP ); + if (ret==-1) + { + sprintf(str,"FIFO user %s cannot be chmoded!\n", DLT_USER_DIR); + dlt_log(LOG_ERR, str); + return -1; + } + dlt_user.dlt_user_handle = open(filename, O_RDWR | O_CLOEXEC); if (dlt_user.dlt_user_handle == DLT_FD_INIT) { diff --git a/src/shared/dlt_user_shared_cfg.h b/src/shared/dlt_user_shared_cfg.h index 20b49bd..b780439 100755 --- a/src/shared/dlt_user_shared_cfg.h +++ b/src/shared/dlt_user_shared_cfg.h @@ -70,8 +70,8 @@ /* Changable */
/*************/
-/* Directory, whre the named pipes to the DLT daemon resides */
-#define DLT_USER_DIR "/tmp"
+/* Directory, where the named pipes to the DLT daemon resides */
+#define DLT_USER_DIR "/tmp/dltpipes"
/* Name of named pipe to DLT daemon */
#define DLT_USER_FIFO "/tmp/dlt"
|