Merge pull request #423 from swomf/polkit-write-anywhere

SECURITY: Prevent create_ap's --mkconfig switch from overwriting any file without explicit authorization
This commit is contained in:
Lakindu Akash 2024-11-09 15:42:14 +05:30 committed by GitHub
commit 2cedd27e32
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -1006,7 +1006,26 @@ send_stop() {
write_config() {
local i=1
if ! eval 'echo -n > "$STORE_CONFIG"' > /dev/null 2>&1; then
# If using pkexec, evaluate permissions before writing.
# However, the /etc/create_ap.conf
# location is excepted.
if [[ "$STORE_CONFIG" != "/etc/create_ap.conf" && $PKEXEC_UID ]]; then
if [ -e "$STORE_CONFIG" ]; then
if ! pkexec --user "$(id -nu $PKEXEC_UID)" test -w "$STORE_CONFIG"; then
echo "ERROR: 1 $(id -nu $PKEXEC_UID) has insufficient permissions to write to config file $STORE_CONFIG"
exit 1
fi
elif ! pkexec --user "$(id -nu $PKEXEC_UID)" test -w "$(dirname "$STORE_CONFIG")"; then
echo "ERROR: 2 $(id -nu $PKEXEC_UID) has insufficient permissions to write to config file $STORE_CONFIG"
exit 1
fi
# Assume that the user is making a conf file in a directory they normally
# have control over, and keep permissions strictly private. (i.e. they will
# need to run create_ap directly with sudo in order to write to, say, /etc/create_ap2.conf)
touch "$STORE_CONFIG"
chown "$(id -nu $PKEXEC_UID):$(id -ng $PKEXEC_GID)" "$STORE_CONFIG"
chmod 600 "$STORE_CONFIG"
elif ! eval 'echo -n > "$STORE_CONFIG"' > /dev/null 2>&1; then
echo "ERROR: Unable to create config file $STORE_CONFIG" >&2
exit 1
fi