From patchwork Tue Nov 28 23:17:33 2023
X-Patchwork-Submitter: Mohamed Belouarga
X-Patchwork-Id: 1869493
From: belouargamohamed@gmail.com
To: swupdate@googlegroups.com
Cc: BELOUARGA Mohamed
Subject: [swupdate] [PATCH] Add the possibility to set the sockets ownership
Date: Wed, 29 Nov 2023 00:17:33 +0100
Message-Id: <20231128231733.17932-1-m.belouarga@technologyandstrategy.com>

From: BELOUARGA Mohamed

In many projects where cybersecurity is important, it is necessary to set socket ownership in order to limit the risk of the system being updated by a user without rights. This commit makes it possible to limit communication with swupdate.

Signed-off-by: BELOUARGA Mohamed
--- Kconfig | 40 ++++++++++++++++++++++++++++++++++++++++ core/network_thread.c | 11 ++++++++++- core/network_utils.c | 31 ++++++++++++++++++++++++++++++- core/progress_thread.c | 11 ++++++++++- include/network_utils.h | 6 +++++- 5 files changed, 95 insertions(+), 4 deletions(-) diff --git a/Kconfig b/Kconfig index 5a3dc9a..f298952 100644 --- a/Kconfig +++ b/Kconfig 
@@ -218,11 +218,51 @@ config SOCKET_CTRL_PATH help Path to SWUpdate's IPC socket. +config SOCKET_CTRL_SET_OWNERSHIP + bool "SWUpdate control socket ownership" + default n + help + Enable setting the control socket owners (user and group) + +config SOCKET_CTRL_OWNER_USER + string "SWUpdate control user owner" + depends on SOCKET_CTRL_SET_OWNERSHIP + default "root" + help + The user that owns the control socket. + +config SOCKET_CTRL_OWNER_GRP + string "SWUpdate control socket group owner" + depends on SOCKET_CTRL_SET_OWNERSHIP + default "root" + help + The group that owns the control socket. + config SOCKET_PROGRESS_PATH string "SWUpdate progress socket path" help Path to the socket progress information is sent to. +config SOCKET_PROGRESS_SET_OWNERSHIP + bool "SWUpdate control socket ownership" + default n + help + Enable setting the progress socket owners (user and group). + +config SOCKET_PROGRESS_OWNER_USER + string "SWUpdate progress socket user owner" + depends on SOCKET_PROGRESS_SET_OWNERSHIP + default "root" + help + The user that owns the progress socket. + +config SOCKET_PROGRESS_OWNER_GRP + string "SWUpdate progress socket group owner" + depends on SOCKET_PROGRESS_SET_OWNERSHIP + default "root" + help + The group that owns the progress socket. + config SOCKET_NOTIFIER_DIRECTORY string "SWUpdate notifier socket directory" depends on HAVE_FREEBSD diff --git a/core/network_thread.c b/core/network_thread.c index ca23908..756505b 100644 --- a/core/network_thread.c +++ b/core/network_thread.c @@ -39,6 +39,14 @@ #define NUM_CACHED_MESSAGES 100 #define DEFAULT_INTERNAL_TIMEOUT 60 +#ifdef CONFIG_SOCKET_CTRL_SET_OWNERSHIP +static char* SOCKET_CTRL_OWNER_USER = (char*)CONFIG_SOCKET_CTRL_OWNER_USER; +static char* SOCKET_CTRL_OWNER_GRP = (char*)CONFIG_SOCKET_CTRL_OWNER_GRP; +#else +static char* SOCKET_CTRL_OWNER_USER = NULL; +static char* SOCKET_CTRL_OWNER_GRP = NULL; +#endif + struct msg_elem { RECOVERY_STATUS status; int error; 
@@ -396,7 +404,8 @@ void *network_thread (void *data) subprocess_ipc_handler_thread_id = start_thread(subprocess_thread, NULL); /* Initialize and bind to UDS */ - ctrllisten = listener_create(get_ctrl_socket(), SOCK_STREAM); + ctrllisten = listener_create(get_ctrl_socket(), SOCK_STREAM, + SOCKET_CTRL_OWNER_USER, SOCKET_CTRL_OWNER_GRP); if (ctrllisten < 0 ) { ERROR("Error creating IPC control socket"); exit(2); diff --git a/core/network_utils.c b/core/network_utils.c index 350c7f6..a9fddd6 100644 --- a/core/network_utils.c +++ b/core/network_utils.c @@ -13,6 +13,8 @@ #include #include #include +#include +#include #ifdef CONFIG_SYSTEMD #include @@ -34,10 +36,14 @@ SIMPLEQ_HEAD(self_sockets, socket_meta); static struct self_sockets sockets_toclose; -int listener_create(const char *path, int type) +int listener_create(const char *path, int type, + const char *owner_user, + const char *owner_grp) { struct sockaddr_un servaddr; int listenfd = -1; + struct passwd *pwd; + struct group *grp; #ifdef CONFIG_SYSTEMD for (int fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + sd_listen_fds(0); fd++) { @@ -84,6 +90,29 @@ int listener_create(const char *path, int type) close(listenfd); return -1; } + + if (owner_user != NULL && owner_grp != NULL) + { + /* Change socket ownership */ + pwd = getpwnam(owner_user); + grp = getgrnam(owner_grp); + if (pwd == NULL) + { + WARN("Could not get UID of %s", owner_user); + return -1; + } + else if (grp == NULL) + { + WARN("Could not get GID of %s", owner_grp); + return -1; + } + else if (chown(path, pwd->pw_uid, grp->gr_gid) == -1) + { + WARN("Could not change ownership of %s to user %s and group %s", + path, owner_user, owner_grp); + return -1; + } + } return listenfd; } diff --git a/core/progress_thread.c b/core/progress_thread.c index 90687f2..144b0ef 100644 --- a/core/progress_thread.c +++ b/core/progress_thread.c 
@@ -36,6 +36,14 @@ #include #endif +#ifdef CONFIG_SOCKET_PROGRESS_SET_OWNERSHIP +static char* SOCKET_PROGRESS_OWNER_USER = (char*)CONFIG_SOCKET_PROGRESS_OWNER_USER; +static char* SOCKET_PROGRESS_OWNER_GRP = (char*)CONFIG_SOCKET_PROGRESS_OWNER_GRP; +#else +static char* SOCKET_PROGRESS_OWNER_USER = NULL; +static char* SOCKET_PROGRESS_OWNER_GRP = NULL; +#endif + struct progress_conn { SIMPLEQ_ENTRY(progress_conn) next; int sockfd; @@ -266,7 +274,8 @@ void *progress_bar_thread (void __attribute__ ((__unused__)) *data) SIMPLEQ_INIT(&pprog->conns); /* Initialize and bind to UDS */ - listen = listener_create(get_prog_socket(), SOCK_STREAM); + listen = listener_create(get_prog_socket(), SOCK_STREAM, + SOCKET_PROGRESS_OWNER_USER, SOCKET_PROGRESS_OWNER_GRP); if (listen < 0 ) { ERROR("Error creating IPC socket %s, exiting.", get_prog_socket()); exit(2); diff --git a/include/network_utils.h b/include/network_utils.h index bbb1d17..de585be 100644 --- a/include/network_utils.h +++ b/include/network_utils.h @@ -11,9 +11,13 @@ * * \param path absolute path to socket file * \param type socket type of socket() + * \param owner_user The user owner of the socket + * \param owner_grp The group owner of the socket * \return fd on success, -1 on error */ -int listener_create(const char *path, int type); +int listener_create(const char *path, int type, + const char *owner_user, + const char *owner_grp); /** * \brief initialize unlink functionality for sockets
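
Review bot: In the Kconfig hunk, SOCKET_PROGRESS_SET_OWNERSHIP reuses the prompt "SWUpdate control socket ownership", so the menu shows two options with the same name; it should read "SWUpdate progress socket ownership". The SOCKET_CTRL_OWNER_USER prompt ("SWUpdate control user owner") is also missing the word "socket", unlike its group and progress counterparts.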
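
Review bot: The file-scope pointers added at the top of core/network_thread.c and core/progress_thread.c cast the CONFIG_* string literals to char*, although in this patch they are only passed to listener_create(), which takes const char*; declare them as static const char * and drop the cast. The all-caps names read like macros and differ from the Kconfig symbols only by the missing CONFIG_ prefix, so a lower-case name would be easier to follow.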
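
Review bot: The new owner_user and owner_grp parameters of listener_create() in core/network_utils.c are consumed only by the block added at the end of the function, so if the CONFIG_SYSTEMD loop at the top hands back a socket inherited from systemd, the configured owner is silently ignored. Either document that ownership must then be set in the systemd socket unit, or log when the options are set but not applied.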
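
Review bot: In the ownership block added before "return listenfd" in core/network_utils.c, all three new "return -1" paths leave listenfd open, while the error path directly above calls close(listenfd) first; these should do the same. Both callers log ERROR and exit(2) on a negative return, so ERROR fits these messages better than WARN. chown() changes the owner but not the mode, and nothing in this patch sets the mode, so whether the chosen group can actually connect (and whether others are kept out) still depends on the umask in effect at bind time; an explicit chmod() on the socket path would make the restriction described in the commit message deterministic. getpwnam() and getgrnam() return pointers to static storage and listener_create() is called from both network_thread and progress_bar_thread, so getpwnam_r() and getgrnam_r() would be safer. The opening braces on their own line also differ from the "if (...) {" style of the surrounding code.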
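
Review bot: The \param lines added in include/network_utils.h do not say that NULL is accepted, or that ownership is changed only when both arguments are non-NULL (the check is "owner_user != NULL && owner_grp != NULL"), so passing just one of them is a silent no-op. Document that behaviour, or handle a lone user or group by passing -1 to chown() for the other id.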