mirror of
https://github.com/lakinduakash/linux-wifi-hotspot.git
synced 2024-11-21 19:40:11 +00:00
Merge pull request #423 from swomf/polkit-write-anywhere
SECURITY: Prevent create_ap's --mkconfig switch from overwriting any file without explicit authorization
This commit is contained in:
commit
2cedd27e32
@ -1006,7 +1006,26 @@ send_stop() {
|
|||||||
write_config() {
|
write_config() {
|
||||||
local i=1
|
local i=1
|
||||||
|
|
||||||
if ! eval 'echo -n > "$STORE_CONFIG"' > /dev/null 2>&1; then
|
# If using pkexec, evaluate permissions before writing.
|
||||||
|
# However, the /etc/create_ap.conf
|
||||||
|
# location is excepted.
|
||||||
|
if [[ "$STORE_CONFIG" != "/etc/create_ap.conf" && $PKEXEC_UID ]]; then
|
||||||
|
if [ -e "$STORE_CONFIG" ]; then
|
||||||
|
if ! pkexec --user "$(id -nu $PKEXEC_UID)" test -w "$STORE_CONFIG"; then
|
||||||
|
echo "ERROR: 1 $(id -nu $PKEXEC_UID) has insufficient permissions to write to config file $STORE_CONFIG"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
elif ! pkexec --user "$(id -nu $PKEXEC_UID)" test -w "$(dirname "$STORE_CONFIG")"; then
|
||||||
|
echo "ERROR: 2 $(id -nu $PKEXEC_UID) has insufficient permissions to write to config file $STORE_CONFIG"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
# Assume that the user is making a conf file in a directory they normally
|
||||||
|
# have control over, and keep permissions strictly private. (i.e. they will
|
||||||
|
# need to run create_ap directly with sudo in order to write to, say, /etc/create_ap2.conf)
|
||||||
|
touch "$STORE_CONFIG"
|
||||||
|
chown "$(id -nu $PKEXEC_UID):$(id -ng $PKEXEC_GID)" "$STORE_CONFIG"
|
||||||
|
chmod 600 "$STORE_CONFIG"
|
||||||
|
elif ! eval 'echo -n > "$STORE_CONFIG"' > /dev/null 2>&1; then
|
||||||
echo "ERROR: Unable to create config file $STORE_CONFIG" >&2
|
echo "ERROR: Unable to create config file $STORE_CONFIG" >&2
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
Loading…
Reference in New Issue
Block a user