tmon: Check log file for common secuirty issues

The tmon logging system blindly opens its log file on a static path, making it
very easy for someone to redirect that log information to inappropriate places
or overwrite other users data.  Do some easy checking to make sure we're not
logging to a symlink or a file owned by another user.

Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Acked-by: Jacob Pan <jacob.jun.pan@linux.intel.com>
Signed-off-by: Zhang Rui <rui.zhang@intel.com>
This commit is contained in:
Neil Horman 2014-06-17 16:05:08 -04:00 committed by Zhang Rui
parent 6b533269fb
commit 951fda3d8c
1 changed files with 24 additions and 0 deletions

View File

@ -142,6 +142,7 @@ static void start_syslog(void)
static void prepare_logging(void)
{
int i;
struct stat logstat;
if (!logging)
return;
@ -152,6 +153,29 @@ static void prepare_logging(void)
return;
}
if (lstat(TMON_LOG_FILE, &logstat) < 0) {
syslog(LOG_ERR, "Unable to stat log file %s\n", TMON_LOG_FILE);
fclose(tmon_log);
tmon_log = NULL;
return;
}
/* The log file must be a regular file owned by us */
if (S_ISLNK(logstat.st_mode)) {
syslog(LOG_ERR, "Log file is a symlink. Will not log\n");
fclose(tmon_log);
tmon_log = NULL;
return;
}
if (logstat.st_uid != getuid()) {
syslog(LOG_ERR, "We don't own the log file. Not logging\n");
fclose(tmon_log);
tmon_log = NULL;
return;
}
fprintf(tmon_log, "#----------- THERMAL SYSTEM CONFIG -------------\n");
for (i = 0; i < ptdata.nr_tz_sensor; i++) {
char binding_str[33]; /* size of long + 1 */