Date: Mon, 26 Feb 2024 20:08:35 +0000
From: Shawn Webb
To: Emmanuel Vadot
Cc: src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org
Subject: Re: git: 6e69612d5df1 - main - pam: Add pam_xdg module
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all

On Mon, Feb 26, 2024 at 06:14:34PM +0000, Shawn Webb wrote:
> On Mon, Feb 26, 2024 at 05:35:57PM +0000, Emmanuel Vadot wrote:
> > The branch main has been updated by manu:
> >
> > URL: https://cgit.FreeBSD.org/src/commit/?id=6e69612d5df1c1d5bd86990ea4d9a170c030b292
> >
> > commit 6e69612d5df1c1d5bd86990ea4d9a170c030b292
> > Author: Emmanuel Vadot
> > AuthorDate: 2024-02-21 14:51:05 +0000
> > Commit: Emmanuel Vadot
> > CommitDate: 2024-02-26 17:34:52 +0000
> >
> > pam: Add pam_xdg module
> >
> > This is a module to set up the XDG directories and environment variables.
> > For now the only usage is to have a XDG_RUNTIME_DIR environment set up at
> > user login.
> > All other environment variables have a default fallback so no need to export
> > them in this module.
> > The directory is created according to the XDG Base directory specification.
> >
> > The default base directory is /var/run/xdg/ but can be configured
> > using the runtime_dir= module option.
> >
> > According to the spec the directory *must* not survive a reboot so adding
> > var_run_enable="YES" to rc.conf is highly recommended.
> >
> > Reviewed by: des, pauamma (manpages)
> > Differential Revision: https://reviews.freebsd.org/D44011
> > Sponsored by: Beckhoff Automation GmbH & Co. KG
> > ---
> > lib/libpam/modules/modules.inc | 1 +
> > lib/libpam/modules/pam_xdg/Makefile | 6 +
> > lib/libpam/modules/pam_xdg/pam_xdg.8 | 56 +++++++
> > lib/libpam/modules/pam_xdg/pam_xdg.c | 311 +++++++++++++++++++++++++++++++++++
> > 4 files changed, 374 insertions(+)
>
> [snip]
>
> > diff --git a/lib/libpam/modules/pam_xdg/pam_xdg.c b/lib/libpam/modules/= pam_xdg/pam_xdg.c > > new file mode 100644 > > index 000000000000..40012fe463e0 > > --- /dev/null > > +++ b/lib/libpam/modules/pam_xdg/pam_xdg.c 
> > @@ -0,0 +1,311 @@ > > +/*- > > + * SPDX-License-Identifier: BSD-2-Clause > > + * > > + * Copyright (c) 2024 Beckhoff Automation GmbH & Co. KG > > + * > > + * Redistribution and use in source and binary forms, with or without > > + * modification, are permitted provided that the following conditions > > + * are met: > > + * 1. Redistributions of source code must retain the above copyright > > + * notice, this list of conditions and the following disclaimer. > > + * 2. Redistributions in binary form must reproduce the above copyright > > + * notice, this list of conditions and the following disclaimer in = the > > + * documentation and/or other materials provided with the distribut= ion. > > + * > > + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' = AND > > + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, T= HE > > + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR = PURPOSE > > + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LI= ABLE > > + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQ= UENTIAL > > + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE G= OODS > > + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTIO= N) > > + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,= STRICT > > + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN A= NY WAY > > + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY= OF > > + * SUCH DAMAGE. > > + */ > > + > > +#include > > +#include > > +#include > > +#include > > +#include > > +#include > > +#include > > +#include > > +#include > > + > > +#define PAM_SM_SESSION > > + > > +#include > > +#include > > +#include > > + > > +#define BASE_RUNTIME_DIR_PREFIX "/var/run/xdg" > > +#define RUNTIME_DIR_PREFIX runtime_dir_prefix !=3D NULL ? 
runtime_dir_= prefix : BASE_RUNTIME_DIR_PREFIX > > + > > +#define RUNTIME_DIR_PREFIX_MODE 0711 > > +#define RUNTIME_DIR_MODE 0700 /* XDG spec */ > > + > > +#define XDG_MAX_SESSION 100 /* Arbitrary limit because we need one */ > > + > > +static int > > +_pam_xdg_open(pam_handle_t *pamh, int flags __unused, > > + int argc __unused, const char *argv[] __unused) > > +{ > > + struct passwd *passwd; > > + const char *user; > > + const char *runtime_dir_prefix; > > + struct stat sb; > > + char *runtime_dir =3D NULL; > > + char *xdg_session_file; > > + int rv, rt_dir_prefix, rt_dir, session_file, i; > > + > > + session_file =3D -1; > > + rt_dir_prefix =3D -1; > > + runtime_dir_prefix =3D openpam_get_option(pamh, "runtime_dir_prefix"); > > + > > + /* Get user info */ > > + rv =3D pam_get_item(pamh, PAM_USER, (const void **)&user); > > + if (rv !=3D PAM_SUCCESS) { > > + PAM_VERBOSE_ERROR("Can't get user information"); > > + goto out; > > + } > > + if ((passwd =3D getpwnam(user)) =3D=3D NULL) { > > + PAM_VERBOSE_ERROR("Can't get user information"); > > + rv =3D PAM_SESSION_ERR; > > + goto out; > > + } > > + > > + /* Open or create the base xdg directory */ > > + rt_dir_prefix =3D open(RUNTIME_DIR_PREFIX, O_DIRECTORY | O_NOFOLLOW); > > + if (rt_dir_prefix < 0) { > > + rt_dir_prefix =3D mkdir(RUNTIME_DIR_PREFIX, RUNTIME_DIR_PREFIX_MODE); > > + if (rt_dir_prefix !=3D 0) { > > + PAM_VERBOSE_ERROR("Can't mkdir %s", RUNTIME_DIR_PREFIX); > > + rv =3D PAM_SESSION_ERR; > > + goto out; > > + } > > + rt_dir_prefix =3D open(RUNTIME_DIR_PREFIX, O_DIRECTORY | O_NOFOLLOW); > > + } > > + > > + /* Open or create the user xdg directory */ > > + rt_dir =3D openat(rt_dir_prefix, user, O_DIRECTORY | O_NOFOLLOW); > > + if (rt_dir < 0) { > > + rt_dir =3D mkdirat(rt_dir_prefix, user, RUNTIME_DIR_MODE); > > + if (rt_dir !=3D 0) { > > + PAM_VERBOSE_ERROR("mkdir: %s/%s (%d)", RUNTIME_DIR_PREFIX, user, rt= _dir); > > + rv =3D PAM_SESSION_ERR; > > + goto out; > > + } > > + rv =3D fchownat(rt_dir_prefix, 
user, passwd->pw_uid, passwd->pw_gid,= 0); > > + if (rv !=3D 0) { > > + PAM_VERBOSE_ERROR("fchownat: %s/%s (%d)", RUNTIME_DIR_PREFIX, user,= rv); > > + rv =3D unlinkat(rt_dir_prefix, user, AT_REMOVEDIR); > > + if (rv =3D=3D -1) > > + PAM_VERBOSE_ERROR("unlinkat: %s/%s (%d)", RUNTIME_DIR_PREFIX, user= , errno); > > + rv =3D PAM_SESSION_ERR; > > + goto out; > > + } > > + } else { > > + /* Check that the already create dir is correctly owned */ > > + rv =3D fstatat(rt_dir_prefix, user, &sb, 0); > > + if (rv =3D=3D -1) { > > + PAM_VERBOSE_ERROR("fstatat %s/%s failed (%d)", RUNTIME_DIR_PREFIX, = user, errno); > > + rv =3D PAM_SESSION_ERR; > > + goto out; > > + } > > + if (sb.st_uid !=3D passwd->pw_uid || > > + sb.st_gid !=3D passwd->pw_gid) { > > + PAM_VERBOSE_ERROR("%s/%s isn't owned by %d:%d\n", RUNTIME_DIR_PREFI= X, user, passwd->pw_uid, passwd->pw_gid); > > + rv =3D PAM_SESSION_ERR; > > + goto out; > > + } > > + /* Test directory mode */ > > + if ((sb.st_mode & 0x1FF) !=3D RUNTIME_DIR_MODE) { > > + PAM_VERBOSE_ERROR("%s/%s have wrong mode\n", RUNTIME_DIR_PREFIX, us= er); > > + rv =3D PAM_SESSION_ERR; > > + goto out; > > + } > > + } > > + > > + /* Setup the environment variable */ > > + asprintf(&runtime_dir, "XDG_RUNTIME_DIR=3D%s/%s", RUNTIME_DIR_PREFIX,= user); > > + rv =3D pam_putenv(pamh, runtime_dir); > > + if (rv !=3D PAM_SUCCESS) { > > + PAM_VERBOSE_ERROR("pam_putenv: failed (%d)", rv); > > + rv =3D PAM_SESSION_ERR; > > + goto out; > > + } > > + > > + /* Setup the session count file */ > > + for (i =3D 0; i < XDG_MAX_SESSION; i++) { > > + asprintf(&xdg_session_file, "%s/xdg_session.%d", user, i); >=20 > If asprintf fails, xdg_session_file will be NULL. >=20 > > + printf("Trying to open %s\n", xdg_session_file); > > + session_file =3D openat(rt_dir_prefix, xdg_session_file, O_CREAT | O= _EXCL, RUNTIME_DIR_MODE); >=20 > If xdg_session_file is NULL, there is a NULL pointer dereference > vulnerability in the above call to openat(2). 
>=20 > > + free(xdg_session_file); > > + if (session_file >=3D 0) > > + break; >=20

Fixed in HardenedBSD:

https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/commit/0b5bf32630b3429e0b5a321e6621a404dc93ecc5

But in that commit, I made a typo, which was subsequently fixed here:

https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/commit/865994a5cf20937224bde0662bb1f96ba18e072f

Thanks,

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

Tor-ified Signal: +1 303-901-1600
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
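
Review bot: The unchecked asprintf() pattern flagged in the session-file loop also appears earlier in the hunk, at "Setup the environment variable": the return value of asprintf(&runtime_dir, ...) is ignored and runtime_dir goes straight to pam_putenv(); check for -1 and fail with PAM_SESSION_ERR before using the pointer, in both places. In the base-directory block, the second open(RUNTIME_DIR_PREFIX, O_DIRECTORY | O_NOFOLLOW) after mkdir() is not checked, so rt_dir_prefix can be -1 when it reaches openat() and mkdirat(). In the else branch, fstatat(rt_dir_prefix, user, &sb, 0) looks the name up a second time and follows symlinks, although rt_dir is already an open descriptor obtained with O_NOFOLLOW; fstat(rt_dir, &sb) would check the object that was actually opened. The printf("Trying to open %s\n", ...) in the loop looks like leftover debugging output in a PAM module and should be removed. The code reads the option "runtime_dir_prefix" while the commit message documents runtime_dir=; one of the two needs to change.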