mirror of
https://github.com/fish-shell/fish-shell
synced 2025-01-12 21:18:53 +00:00
Fix for CVE-2014-2905 - fishd restart required.
- Use a secure path for sockets (some code used under license from tmux). - Provide the secure path in the environment as $__fish_runtime_dir. - Link the new path to the old path to ease migration from earlier versions. Closes #1359. After installing fish built from or after this commit, you MUST terminate all running fishd processes (`killall fishd`, `pkill fishd` or similar). Distributors are encouraged to do this from within their packaging scripts. fishd will restart automatically, and no data should be lost.
This commit is contained in:
parent
af14cf8f8b
commit
4cb4fc3ef8
10 changed files with 172 additions and 47 deletions
70
common.cpp
70
common.cpp
|
@ -24,6 +24,7 @@ parts of fish.
|
|||
#include <stdio.h>
|
||||
#include <dirent.h>
|
||||
#include <sys/types.h>
|
||||
#include <pwd.h>
|
||||
|
||||
#ifdef HAVE_SYS_IOCTL_H
|
||||
#include <sys/ioctl.h>
|
||||
|
@ -2342,3 +2343,72 @@ char **make_null_terminated_array(const std::vector<std::string> &lst)
|
|||
{
|
||||
return make_null_terminated_array_helper(lst);
|
||||
}
|
||||
|
||||
/**
|
||||
Check, and create if necessary, a secure runtime path
|
||||
Derived from tmux.c in tmux (http://tmux.sourceforge.net/)
|
||||
*/
|
||||
static int check_runtime_path(const char * path)
|
||||
{
|
||||
/*
|
||||
* Copyright (c) 2007 Nicholas Marriott <nicm@users.sourceforge.net>
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
|
||||
* IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
|
||||
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
struct stat statpath;
|
||||
u_int uid = geteuid();
|
||||
|
||||
if (mkdir(path, S_IRWXU) != 0 && errno != EEXIST)
|
||||
return errno;
|
||||
if (lstat(path, &statpath) != 0)
|
||||
return errno;
|
||||
if (!S_ISDIR(statpath.st_mode)
|
||||
|| statpath.st_uid != uid
|
||||
|| (statpath.st_mode & (S_IRWXG|S_IRWXO)) != 0)
|
||||
return EACCES;
|
||||
return 0;
|
||||
}
|
||||
|
||||
/** Return the path of an appropriate runtime data directory */
|
||||
const char* common_get_runtime_path(void)
|
||||
{
|
||||
const char *dir = getenv("XDG_RUNTIME_DIR");
|
||||
const char *uname = getenv("USER");
|
||||
|
||||
if (uname == NULL)
|
||||
{
|
||||
const struct passwd *pw = getpwuid(getuid());
|
||||
uname = pw->pw_name;
|
||||
}
|
||||
|
||||
if (dir == NULL)
|
||||
{
|
||||
// /tmp/fish.user
|
||||
dir = "/tmp/fish.";
|
||||
std::string path;
|
||||
path.reserve(strlen(dir) + strlen(uname));
|
||||
path.append(dir);
|
||||
path.append(uname);
|
||||
if (check_runtime_path(path.c_str()) != 0)
|
||||
{
|
||||
debug(0, L"Couldn't create secure runtime path: '%s'", path.c_str());
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
return strdup(path.c_str());
|
||||
}
|
||||
else
|
||||
{
|
||||
return dir;
|
||||
}
|
||||
}
|
||||
|
|
2
common.h
2
common.h
|
@ -813,5 +813,7 @@ extern "C" {
|
|||
__attribute__((noinline)) void debug_thread_error(void);
|
||||
}
|
||||
|
||||
/** Return the path of an appropriate runtime data directory */
|
||||
const char* common_get_runtime_path(void);
|
||||
|
||||
#endif
|
||||
|
|
|
@ -1400,6 +1400,26 @@ POSSIBILITY OF SUCH DAMAGES.
|
|||
|
||||
<P>
|
||||
|
||||
<h2>License for code derived from tmux</h2>
|
||||
|
||||
Fish contains code derived from
|
||||
<a href="http://tmux.sourceforge.net">tmux</a>, made available under an ISC
|
||||
license.
|
||||
<p>
|
||||
Copyright (c) 2007 Nicholas Marriott <nicm@users.sourceforge.net>
|
||||
<p>
|
||||
Permission to use, copy, modify, and distribute this software for any
|
||||
purpose with or without fee is hereby granted, provided that the above
|
||||
copyright notice and this permission notice appear in all copies.
|
||||
<p>
|
||||
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
|
||||
IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
|
||||
OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
|
||||
*/
|
||||
|
||||
\htmlonly </div> \endhtmlonly
|
||||
|
|
7
env.cpp
7
env.cpp
|
@ -57,7 +57,7 @@
|
|||
#include "complete.h"
|
||||
|
||||
/** Command used to start fishd */
|
||||
#define FISHD_CMD L"fishd ^ /tmp/fishd.log.%s"
|
||||
#define FISHD_CMD L"fishd ^ $__fish_runtime_dir/fishd.log.%s"
|
||||
|
||||
// Version for easier debugging
|
||||
//#define FISHD_CMD L"fishd"
|
||||
|
@ -618,10 +618,11 @@ void env_init(const struct config_paths_t *paths /* or NULL */)
|
|||
env_set(L"version", version.c_str(), ENV_GLOBAL);
|
||||
env_set(L"FISH_VERSION", version.c_str(), ENV_GLOBAL);
|
||||
|
||||
const env_var_t fishd_dir_wstr = env_get_string(L"FISHD_SOCKET_DIR");
|
||||
const env_var_t user_dir_wstr = env_get_string(L"USER");
|
||||
|
||||
wchar_t * fishd_dir = fishd_dir_wstr.missing()?NULL:const_cast<wchar_t*>(fishd_dir_wstr.c_str());
|
||||
const char * fishd_dir = common_get_runtime_path();
|
||||
env_set(L"__fish_runtime_dir", str2wcstring(fishd_dir).c_str(), ENV_GLOBAL);
|
||||
|
||||
wchar_t * user_dir = user_dir_wstr.missing()?NULL:const_cast<wchar_t*>(user_dir_wstr.c_str());
|
||||
|
||||
env_universal_init(fishd_dir , user_dir ,
|
||||
|
|
|
@ -61,7 +61,7 @@ static int get_socket_count = 0;
|
|||
#define DEFAULT_RETRY_COUNT 15
|
||||
#define DEFAULT_RETRY_DELAY 0.2
|
||||
|
||||
static wchar_t * path;
|
||||
static const char * path;
|
||||
static wchar_t *user;
|
||||
static void (*start_fishd)();
|
||||
static void (*external_callback)(fish_message_type_t type, const wchar_t *name, const wchar_t *val);
|
||||
|
@ -82,48 +82,19 @@ static int try_get_socket_once(void)
|
|||
{
|
||||
int s;
|
||||
|
||||
wchar_t *wdir;
|
||||
wchar_t *wuname;
|
||||
char *dir = 0;
|
||||
|
||||
wdir = path;
|
||||
wuname = user;
|
||||
|
||||
if ((s = socket(AF_UNIX, SOCK_STREAM, 0)) == -1)
|
||||
{
|
||||
wperror(L"socket");
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (wdir)
|
||||
dir = wcs2str(wdir);
|
||||
else
|
||||
dir = strdup("/tmp");
|
||||
|
||||
std::string uname;
|
||||
if (wuname)
|
||||
{
|
||||
uname = wcs2string(wuname);
|
||||
}
|
||||
else
|
||||
{
|
||||
struct passwd *pw = getpwuid(getuid());
|
||||
if (pw && pw->pw_name)
|
||||
{
|
||||
uname = pw->pw_name;
|
||||
}
|
||||
}
|
||||
|
||||
std::string name;
|
||||
name.reserve(strlen(dir) + uname.size() + strlen(SOCK_FILENAME) + 2);
|
||||
name.append(dir);
|
||||
name.append("/");
|
||||
name.reserve(strlen(path) + strlen(SOCK_FILENAME) + 1);
|
||||
name.append(path);
|
||||
name.push_back('/');
|
||||
name.append(SOCK_FILENAME);
|
||||
name.append(uname);
|
||||
|
||||
free(dir);
|
||||
|
||||
debug(3, L"Connect to socket %s at fd %2", name.c_str(), s);
|
||||
debug(3, L"Connect to socket %s at fd %d", name.c_str(), s);
|
||||
|
||||
struct sockaddr_un local = {};
|
||||
local.sun_family = AF_UNIX;
|
||||
|
@ -271,7 +242,7 @@ static void reconnect()
|
|||
}
|
||||
|
||||
|
||||
void env_universal_init(wchar_t * p,
|
||||
void env_universal_init(const char * p,
|
||||
wchar_t *u,
|
||||
void (*sf)(),
|
||||
void (*cb)(fish_message_type_t type, const wchar_t *name, const wchar_t *val))
|
||||
|
|
|
@ -17,7 +17,7 @@ extern connection_t env_universal_server;
|
|||
/**
|
||||
Initialize the envuni library
|
||||
*/
|
||||
void env_universal_init(wchar_t * p,
|
||||
void env_universal_init(const char * p,
|
||||
wchar_t *u,
|
||||
void (*sf)(),
|
||||
void (*cb)(fish_message_type_t type, const wchar_t *name, const wchar_t *val));
|
||||
|
|
|
@ -27,7 +27,6 @@
|
|||
#include <locale.h>
|
||||
#include <dirent.h>
|
||||
#include <signal.h>
|
||||
#include <sys/stat.h>
|
||||
#include <map>
|
||||
|
||||
#ifdef HAVE_SYS_SELECT_H
|
||||
|
@ -86,6 +85,13 @@
|
|||
*/
|
||||
#define ENV_UNIVERSAL_EOF 0x102
|
||||
|
||||
/**
|
||||
Maximum length of socket filename
|
||||
*/
|
||||
#ifndef UNIX_PATH_MAX
|
||||
#define UNIX_PATH_MAX 100
|
||||
#endif
|
||||
|
||||
/**
|
||||
A variable entry. Stores the value of a variable and whether it
|
||||
should be exported. Obviously, it needs to be allocated large
|
||||
|
@ -417,7 +423,7 @@ void env_universal_common_init(void (*cb)(fish_message_type_t type, const wchar_
|
|||
}
|
||||
|
||||
/**
|
||||
Read one byte of date form the specified connection
|
||||
Read one byte of date from the specified connection
|
||||
*/
|
||||
static int read_byte(connection_t *src)
|
||||
{
|
||||
|
|
|
@ -33,9 +33,9 @@
|
|||
|
||||
|
||||
/**
|
||||
The filename to use for univeral variables. The username is appended
|
||||
The filename to use for univeral variables.
|
||||
*/
|
||||
#define SOCK_FILENAME "fishd.socket."
|
||||
#define SOCK_FILENAME "fishd.socket"
|
||||
|
||||
/**
|
||||
The different types of commands that can be sent between client/server
|
||||
|
@ -133,6 +133,11 @@ void try_send_all(connection_t *c);
|
|||
*/
|
||||
message_t *create_message(fish_message_type_t type, const wchar_t *key, const wchar_t *val);
|
||||
|
||||
/**
|
||||
Constructs the fish socket filename
|
||||
*/
|
||||
std::string env_universal_common_get_socket_filename(void);
|
||||
|
||||
/**
|
||||
Init the library
|
||||
*/
|
||||
|
|
|
@ -1033,7 +1033,7 @@ static void init(int mangle_descriptors, int out)
|
|||
}
|
||||
|
||||
|
||||
env_universal_init(0, 0, 0, 0);
|
||||
env_universal_init("", 0, 0, 0);
|
||||
input_common_init(&interrupt_handler);
|
||||
output_set_writer(&pager_buffered_writer);
|
||||
|
||||
|
|
56
fishd.cpp
56
fishd.cpp
|
@ -158,6 +158,27 @@ static int quit=0;
|
|||
Constructs the fish socket filename
|
||||
*/
|
||||
static std::string get_socket_filename(void)
|
||||
{
|
||||
const char *dir = common_get_runtime_path();
|
||||
|
||||
std::string name;
|
||||
name.reserve(strlen(dir) + strlen(SOCK_FILENAME) + 1);
|
||||
name.append(dir);
|
||||
name.push_back('/');
|
||||
name.append(SOCK_FILENAME);
|
||||
|
||||
if (name.size() >= UNIX_PATH_MAX)
|
||||
{
|
||||
debug(1, L"Filename too long: '%s'", name.c_str());
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
return name;
|
||||
}
|
||||
|
||||
/**
|
||||
Constructs the legacy socket filename
|
||||
*/
|
||||
static std::string get_old_socket_filename(void)
|
||||
{
|
||||
const char *dir = getenv("FISHD_SOCKET_DIR");
|
||||
char *uname = getenv("USER");
|
||||
|
@ -174,10 +195,9 @@ static std::string get_socket_filename(void)
|
|||
}
|
||||
|
||||
std::string name;
|
||||
name.reserve(strlen(dir)+ strlen(uname)+ strlen(SOCK_FILENAME) + 1);
|
||||
name.reserve(strlen(dir)+ strlen(uname)+ strlen("fishd.socket.") + 1);
|
||||
name.append(dir);
|
||||
name.push_back('/');
|
||||
name.append(SOCK_FILENAME);
|
||||
name.append("/fishd.socket.");
|
||||
name.append(uname);
|
||||
|
||||
if (name.size() >= UNIX_PATH_MAX)
|
||||
|
@ -541,6 +561,7 @@ repeat:
|
|||
int exitcode = EXIT_FAILURE;
|
||||
struct sockaddr_un local;
|
||||
const std::string sock_name = get_socket_filename();
|
||||
const std::string old_sock_name = get_old_socket_filename();
|
||||
|
||||
/*
|
||||
Start critical section protected by lock
|
||||
|
@ -598,6 +619,19 @@ repeat:
|
|||
doexit = 1;
|
||||
}
|
||||
|
||||
// Attempt to hardlink the old socket name so that old versions of fish keep working on upgrade
|
||||
// Not critical if it fails
|
||||
if (unlink(old_sock_name.c_str()) != 0 && errno != ENOENT)
|
||||
{
|
||||
debug(0, L"Could not create legacy socket path");
|
||||
wperror(L"unlink");
|
||||
}
|
||||
else if (link(sock_name.c_str(), old_sock_name.c_str()) != 0)
|
||||
{
|
||||
debug(0, L"Could not create legacy socket path");
|
||||
wperror(L"link");
|
||||
}
|
||||
|
||||
unlock:
|
||||
(void)unlink(lockfile.c_str());
|
||||
debug(4, L"Released lockfile: %s", lockfile.c_str());
|
||||
|
@ -872,6 +906,18 @@ static void init()
|
|||
load();
|
||||
}
|
||||
|
||||
/**
|
||||
Clean up behind ourselves
|
||||
*/
|
||||
static void cleanup()
|
||||
{
|
||||
if (unlink(get_old_socket_filename().c_str()) != 0)
|
||||
{
|
||||
debug(0, L"Could not remove legacy socket path");
|
||||
wperror(L"unlink");
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
Main function for fishd
|
||||
*/
|
||||
|
@ -973,6 +1019,7 @@ int main(int argc, char ** argv)
|
|||
if (quit)
|
||||
{
|
||||
save();
|
||||
cleanup();
|
||||
exit(0);
|
||||
}
|
||||
|
||||
|
@ -982,6 +1029,7 @@ int main(int argc, char ** argv)
|
|||
if (errno != EINTR)
|
||||
{
|
||||
wperror(L"select");
|
||||
cleanup();
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
|
@ -994,6 +1042,7 @@ int main(int argc, char ** argv)
|
|||
&t)) == -1)
|
||||
{
|
||||
wperror(L"accept");
|
||||
cleanup();
|
||||
exit(1);
|
||||
}
|
||||
else
|
||||
|
@ -1070,6 +1119,7 @@ int main(int argc, char ** argv)
|
|||
{
|
||||
debug(0, L"No more clients. Quitting");
|
||||
save();
|
||||
cleanup();
|
||||
break;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue