From b7d6e44f3cc6a3aba82a067a9d6121c415a812fe Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Tue, 21 Oct 2014 10:31:30 +0200
Subject: settings: check file permissions when loading settings plugins

Signed-off-by: Thomas Haller <thaller@redhat.com>
---
 src/settings/nm-settings.c | 34 ++++++++++++++++++++++++++--------
 1 file changed, 26 insertions(+), 8 deletions(-)

diff --git a/src/settings/nm-settings.c b/src/settings/nm-settings.c
index 959ca94614..bd90668203 100644
--- a/src/settings/nm-settings.c
+++ b/src/settings/nm-settings.c
@@ -26,6 +26,8 @@
 #include "config.h"
 
 #include <unistd.h>
+#include <sys/stat.h>
+#include <errno.h>
 #include <string.h>
 #include <gmodule.h>
 #include <pwd.h>
@@ -626,10 +628,13 @@ load_plugins (NMSettings *self, const char **plugins, GError **error)
 
 	for (iter = plugins; iter && *iter; iter++) {
 		GModule *plugin;
-		char *full_name, *path;
+		gs_free char *full_name = NULL;
+		gs_free char *path = NULL;
 		gs_free char *pname = NULL;
 		GObject *obj;
 		GObject * (*factory_func) (void);
+		struct stat st;
+		int errsv;
 
 		pname = g_strdup (*iter);
 		g_strstrip (pname);
@@ -658,18 +663,31 @@ load_plugins (NMSettings *self, const char **plugins, GError **error)
 		full_name = g_strdup_printf ("nm-settings-plugin-%s", pname);
 		path = g_module_build_path (NMPLUGINDIR, full_name);
 
+		if (stat (path, &st) != 0) {
+			errsv = errno;
+			LOG (LOGL_WARN, "Could not load plugin '%s' from file '%s': %s", pname, path, strerror (errsv));
+			continue;
+		}
+		if (!S_ISREG (st.st_mode)) {
+			LOG (LOGL_WARN, "Could not load plugin '%s' from file '%s': not a file", pname, path);
+			continue;
+		}
+		if (st.st_uid != 0) {
+			LOG (LOGL_WARN, "Could not load plugin '%s' from file '%s': file must be owned by root", pname, path);
+			continue;
+		}
+		if (st.st_mode & (S_IWGRP | S_IWOTH | S_ISUID)) {
+			LOG (LOGL_WARN, "Could not load plugin '%s' from file '%s': invalid file permissions", pname, path);
+			continue;
+		}
+
 		plugin = g_module_open (path, G_MODULE_BIND_LOCAL);
 		if (!plugin) {
-			LOG (LOGL_WARN, "Could not load plugin '%s': %s",
-			     pname, g_module_error ());
-			g_free (full_name);
-			g_free (path);
+			LOG (LOGL_WARN, "Could not load plugin '%s' from file '%s': %s",
+			     pname, full_name, g_module_error ());
 			continue;
 		}
 
-		g_free (full_name);
-		g_free (path);
-
 		/* errors after this point are fatal, because we loaded the shared library already. */
 
 		if (!g_module_symbol (plugin, "nm_system_config_factory", (gpointer) (&factory_func))) {
-- 
cgit v1.2.1