2008-11-01 23:14:12 +01:00
|
|
|
# vim:sw=4:et
|
|
|
|
#############################################################################
|
|
|
|
# File : CheckSUIDPermissions.py
|
|
|
|
# Package : rpmlint
|
|
|
|
# Author : Ludwig Nussel
|
|
|
|
# Purpose : Check for /etc/permissions violations
|
|
|
|
#############################################################################
|
|
|
|
|
|
|
|
from Filter import *
|
|
|
|
import AbstractCheck
|
|
|
|
import re
|
|
|
|
import os
|
|
|
|
import string
|
2010-11-05 16:07:58 +01:00
|
|
|
import rpm
|
2008-11-01 23:14:12 +01:00
|
|
|
|
|
|
|
_permissions_d_whitelist = (
|
|
|
|
"lprng",
|
|
|
|
"lprng.paranoid",
|
|
|
|
"mail-server",
|
|
|
|
"mail-server.paranoid",
|
|
|
|
"postfix",
|
|
|
|
"postfix.paranoid",
|
|
|
|
"sendmail",
|
|
|
|
"sendmail.paranoid",
|
|
|
|
"squid",
|
|
|
|
"texlive",
|
|
|
|
"texlive.paranoid",
|
|
|
|
)
|
|
|
|
|
|
|
|
class SUIDCheck(AbstractCheck.AbstractCheck):
|
|
|
|
def __init__(self):
|
|
|
|
AbstractCheck.AbstractCheck.__init__(self, "CheckSUIDPermissions")
|
|
|
|
self.perms = {}
|
|
|
|
files = [ "/etc/permissions", "/etc/permissions.secure" ]
|
|
|
|
|
|
|
|
for file in files:
|
|
|
|
if os.path.exists(file):
|
|
|
|
self._parsefile(file)
|
|
|
|
|
|
|
|
def _parsefile(self,file):
|
2010-11-05 16:07:58 +01:00
|
|
|
lnr = 0
|
|
|
|
lastfn = None
|
2008-11-01 23:14:12 +01:00
|
|
|
for line in open(file):
|
2010-11-05 16:07:58 +01:00
|
|
|
lnr+=1
|
2008-11-01 23:14:12 +01:00
|
|
|
line = line.split('#')[0].split('\n')[0]
|
2010-11-05 16:07:58 +01:00
|
|
|
line = line.lstrip()
|
|
|
|
if not len(line):
|
|
|
|
continue
|
|
|
|
|
|
|
|
if line.startswith("+capabilities "):
|
|
|
|
line = line[len("+capabilities "):]
|
|
|
|
if lastfn:
|
|
|
|
self.perms[lastfn]['fscaps'] = line
|
|
|
|
continue
|
|
|
|
|
|
|
|
line = re.split(r'\s+', line)
|
|
|
|
if len(line) == 3:
|
2008-11-01 23:14:12 +01:00
|
|
|
fn = line[0]
|
|
|
|
owner = line[1].replace('.', ':')
|
|
|
|
mode = line[2]
|
|
|
|
|
|
|
|
self.perms[fn] = { "owner" : owner, "mode" : int(mode,8)&07777}
|
2010-11-05 16:07:58 +01:00
|
|
|
# for permissions that don't change and therefore
|
|
|
|
# don't need special handling
|
|
|
|
if file == '/etc/permissions':
|
|
|
|
self.perms[fn]['static'] = True
|
|
|
|
else:
|
|
|
|
print >>sys.stderr, "invalid line %d " % lnr
|
2008-11-01 23:14:12 +01:00
|
|
|
|
|
|
|
def check(self, pkg):
|
|
|
|
global _permissions_d_whitelist
|
|
|
|
|
|
|
|
if pkg.isSource():
|
|
|
|
return
|
|
|
|
|
|
|
|
files = pkg.files()
|
|
|
|
|
|
|
|
permfiles = {}
|
|
|
|
# first pass, find and parse permissions.d files
|
2009-08-21 18:19:06 +02:00
|
|
|
for f in files.keys():
|
2008-11-01 23:14:12 +01:00
|
|
|
if f in pkg.ghostFiles():
|
|
|
|
continue
|
|
|
|
|
|
|
|
if f.startswith("/etc/permissions.d/"):
|
|
|
|
|
|
|
|
bn = f[19:]
|
|
|
|
if not bn in _permissions_d_whitelist:
|
|
|
|
printError(pkg, "permissions-unauthorized-file", f)
|
|
|
|
|
|
|
|
bn = bn.split('.')[0]
|
|
|
|
if not bn in permfiles:
|
|
|
|
permfiles[bn] = 1
|
|
|
|
|
|
|
|
for f in permfiles:
|
|
|
|
f = pkg.dirName() + "/etc/permissions.d/" + f
|
|
|
|
if os.path.exists(f+".secure"):
|
|
|
|
self._parsefile(f + ".secure")
|
|
|
|
else:
|
|
|
|
self._parsefile(f)
|
|
|
|
|
2010-11-18 17:53:51 +01:00
|
|
|
need_set_permissions = False
|
|
|
|
found_suseconfig = False
|
2008-11-01 23:14:12 +01:00
|
|
|
# second pass, find permissions violations
|
2009-08-21 18:19:06 +02:00
|
|
|
for f, pkgfile in files.items():
|
2010-11-05 16:07:58 +01:00
|
|
|
|
|
|
|
if pkgfile.filecaps:
|
|
|
|
printError(pkg, 'permissions-fscaps', '%(file)s has fscaps "%(caps)s"' % \
|
|
|
|
{ 'file':f, 'caps':pkgfile.filecaps})
|
|
|
|
|
2009-08-21 18:19:06 +02:00
|
|
|
mode = pkgfile.mode
|
|
|
|
owner = pkgfile.user+':'+pkgfile.group
|
2008-11-01 23:14:12 +01:00
|
|
|
|
|
|
|
# S_IFSOCK 014 socket
|
|
|
|
# S_IFLNK 012 symbolic link
|
|
|
|
# S_IFREG 010 regular file
|
|
|
|
# S_IFBLK 006 block device
|
|
|
|
# S_IFDIR 004 directory
|
|
|
|
# S_IFCHR 002 character device
|
|
|
|
# S_IFIFO 001 FIFO
|
|
|
|
type = (mode>>12)&017;
|
|
|
|
mode &= 07777
|
2010-11-05 16:07:58 +01:00
|
|
|
need_verifyscript = False
|
2008-11-01 23:14:12 +01:00
|
|
|
if f in self.perms or (type == 04 and f+"/" in self.perms):
|
|
|
|
if type == 012:
|
|
|
|
printWarning(pkg, "permissions-symlink", f)
|
|
|
|
continue
|
|
|
|
|
2010-11-05 16:07:58 +01:00
|
|
|
need_verifyscript = True
|
|
|
|
|
2008-11-01 23:14:12 +01:00
|
|
|
m = 0
|
|
|
|
o = "invalid"
|
|
|
|
if type == 04:
|
|
|
|
if f in self.perms:
|
2008-11-04 17:53:47 +01:00
|
|
|
printWarning(pkg, 'permissions-dir-without-slash', f)
|
2008-11-01 23:14:12 +01:00
|
|
|
else:
|
|
|
|
f += '/'
|
|
|
|
|
2011-05-10 13:38:20 +02:00
|
|
|
if type == 010:
|
|
|
|
if not 'shared object' in pkgfile.magic:
|
|
|
|
printError(pkg, 'not-a-position-independent-executable', f)
|
|
|
|
|
2008-11-01 23:14:12 +01:00
|
|
|
m = self.perms[f]['mode']
|
|
|
|
o = self.perms[f]['owner']
|
|
|
|
|
|
|
|
if mode != m:
|
|
|
|
printError(pkg, 'permissions-incorrect', '%(file)s has mode 0%(mode)o but should be 0%(m)o' % \
|
|
|
|
{ 'file':f, 'mode':mode, 'm':m })
|
|
|
|
|
|
|
|
if owner != o:
|
|
|
|
printError(pkg, 'permissions-incorrect-owner', '%(file)s belongs to %(owner)s but should be %(o)s' % \
|
|
|
|
{ 'file':f, 'owner':owner, 'o':o })
|
|
|
|
|
|
|
|
elif type != 012:
|
|
|
|
|
|
|
|
if f+'/' in self.perms:
|
|
|
|
printWarning(pkg, 'permissions-file-as-dir', f+' is a file but listed as directory')
|
|
|
|
|
|
|
|
if mode&06000:
|
2010-11-05 16:07:58 +01:00
|
|
|
need_verifyscript = True
|
2008-11-01 23:14:12 +01:00
|
|
|
msg = '%(file)s is packaged with setuid/setgid bits (0%(mode)o)' % { 'file':f, 'mode':mode }
|
|
|
|
if type != 04:
|
2008-11-04 17:53:47 +01:00
|
|
|
printError(pkg, 'permissions-file-setuid-bit', msg)
|
2008-11-01 23:14:12 +01:00
|
|
|
else:
|
2008-11-04 17:53:47 +01:00
|
|
|
printWarning(pkg, 'permissions-directory-setuid-bit', msg)
|
2008-11-01 23:14:12 +01:00
|
|
|
|
2011-05-10 13:38:20 +02:00
|
|
|
if type == 010:
|
|
|
|
if not 'shared object' in pkgfile.magic:
|
|
|
|
printError(pkg, 'not-a-position-independent-executable', f)
|
|
|
|
|
2008-11-01 23:14:12 +01:00
|
|
|
if mode&02:
|
2010-11-05 16:07:58 +01:00
|
|
|
need_verifyscript = True
|
2008-11-01 23:14:12 +01:00
|
|
|
printError(pkg, 'permissions-world-writable', \
|
|
|
|
'%(file)s is packaged with world writable permissions (0%(mode)o)' % \
|
|
|
|
{ 'file':f, 'mode':mode })
|
|
|
|
|
2011-04-21 12:12:02 +02:00
|
|
|
script = pkg[rpm.RPMTAG_POSTIN] or pkg[rpm.RPMTAG_POSTINPROG]
|
|
|
|
found = False
|
|
|
|
if script:
|
|
|
|
for line in script.split("\n"):
|
|
|
|
if "chkstat -n" in line and f in line:
|
|
|
|
found = True
|
|
|
|
break
|
|
|
|
|
|
|
|
if "SuSEconfig --module permissions" in line:
|
|
|
|
found = True
|
|
|
|
found_suseconfig = True
|
|
|
|
break
|
|
|
|
|
2010-11-05 16:07:58 +01:00
|
|
|
if need_verifyscript and \
|
|
|
|
(not f in self.perms or not 'static' in self.perms[f]):
|
2011-04-21 12:12:02 +02:00
|
|
|
|
|
|
|
if not script or not found:
|
|
|
|
printError(pkg, 'permissions-missing-postin', \
|
|
|
|
"missing %%set_permissions %s in %%post" % f)
|
|
|
|
|
2010-11-18 17:53:51 +01:00
|
|
|
need_set_permissions = True
|
2010-11-05 16:07:58 +01:00
|
|
|
script = pkg[rpm.RPMTAG_VERIFYSCRIPT] or pkg[rpm.RPMTAG_VERIFYSCRIPTPROG]
|
2010-11-18 17:53:51 +01:00
|
|
|
|
|
|
|
found = False
|
|
|
|
if script:
|
|
|
|
for line in script.split("\n"):
|
|
|
|
if "/chkstat" in line and f in line:
|
|
|
|
found = True
|
|
|
|
break
|
|
|
|
|
|
|
|
if not script or not found:
|
|
|
|
printWarning(pkg, 'permissions-missing-verifyscript', \
|
2010-11-05 16:07:58 +01:00
|
|
|
"missing %%verify_permissions -e %s" % f)
|
|
|
|
|
|
|
|
|
2010-11-18 17:53:51 +01:00
|
|
|
if need_set_permissions:
|
2010-11-05 16:07:58 +01:00
|
|
|
if not 'permissions' in map(lambda x: x[0], pkg.prereq()):
|
|
|
|
printError(pkg, 'permissions-missing-requires', \
|
|
|
|
"missing 'permissions' in PreReq")
|
|
|
|
|
2010-11-18 17:53:51 +01:00
|
|
|
if found_suseconfig:
|
|
|
|
printInfo(pkg, 'permissions-suseconfig-obsolete', \
|
|
|
|
"%run_permissions is obsolete")
|
2008-11-01 23:14:12 +01:00
|
|
|
|
|
|
|
check=SUIDCheck()
|
|
|
|
|
|
|
|
if Config.info:
|
|
|
|
addDetails(
|
|
|
|
'permissions-unauthorized-file',
|
2010-10-28 13:38:59 +02:00
|
|
|
"""If the package is intended for inclusion in any SUSE product
|
|
|
|
please open a bug report to request review of the package by the
|
|
|
|
security team""",
|
2008-11-01 23:14:12 +01:00
|
|
|
'permissions-symlink',
|
|
|
|
"""permissions handling for symlinks is useless. Please contact
|
|
|
|
security@suse.de to remove the entry.""",
|
|
|
|
'permissions-dir-without-slash',
|
|
|
|
"""the entry in the permissions file refers to a directory. Please
|
|
|
|
contact security@suse.de to append a slash to the entry in order to
|
|
|
|
avoid security problems.""",
|
|
|
|
'permissions-file-as-dir',
|
|
|
|
"""the entry in the permissions file refers to a directory but the
|
|
|
|
package actually contains a file. Please contact security@suse.de to
|
|
|
|
remove the slash.""",
|
|
|
|
'permissions-incorrect',
|
|
|
|
"""please use the %attr macro to set the correct permissions.""",
|
|
|
|
'permissions-incorrect-owner',
|
|
|
|
"""please use the %attr macro to set the correct ownership.""",
|
2008-11-04 17:53:47 +01:00
|
|
|
'permissions-file-setuid-bit',
|
2010-10-28 13:38:59 +02:00
|
|
|
"""If the package is intended for inclusion in any SUSE product
|
|
|
|
please open a bug report to request review of the program by the
|
|
|
|
security team""",
|
2008-11-04 17:53:47 +01:00
|
|
|
'permissions-directory-setuid-bit',
|
2010-10-28 13:38:59 +02:00
|
|
|
"""If the package is intended for inclusion in any SUSE product
|
|
|
|
please open a bug report to request review of the package by the
|
|
|
|
security team""",
|
2008-11-01 23:14:12 +01:00
|
|
|
'permissions-world-writable',
|
2010-10-28 13:38:59 +02:00
|
|
|
"""If the package is intended for inclusion in any SUSE product
|
|
|
|
please open a bug report to request review of the package by the
|
|
|
|
security team""",
|
2010-11-05 16:07:58 +01:00
|
|
|
'permissions-fscaps',
|
|
|
|
"""Packaging file capabilities is currently not supported. Please
|
|
|
|
use normal permissions instead. You may contact the security team to
|
|
|
|
request an entry that sets capabilities in /etc/permissions
|
|
|
|
instead.""",
|
|
|
|
'permissions-missing-postin',
|
2010-11-18 17:53:51 +01:00
|
|
|
"""Please add an appropriate %post section""",
|
2010-11-05 16:07:58 +01:00
|
|
|
'permissions-missing-requires',
|
|
|
|
"""Please add \"PreReq: permissions\"""",
|
|
|
|
'permissions-missing-verifyscript',
|
|
|
|
"""Please add a %verifyscript section""",
|
2010-11-18 17:53:51 +01:00
|
|
|
'permissions-suseconfig-obsolete',
|
|
|
|
"""The %run_permissions macro calls SuSEconfig which sets permissions for all
|
|
|
|
files in the system. Please use %set_permissions <filename> instead
|
|
|
|
to only set permissions for files contained in this package""",
|
2008-11-01 23:14:12 +01:00
|
|
|
)
|