diff --git a/wpa-supplicant-log-file-cloexec.patch b/wpa-supplicant-log-file-cloexec.patch
new file mode 100644
index 0000000..b3b8774
--- /dev/null
+++ b/wpa-supplicant-log-file-cloexec.patch
@@ -0,0 +1,48 @@
+From 1c7db928d6e7bbe3e1ffa029b1ce28e65ab53e8a Mon Sep 17 00:00:00 2001
+In-Reply-To: <20181011202010.29226-2-karol@babioch.de>
+References: <20181011202010.29226-2-karol@babioch.de>
+From: Karol Babioch
+Date: Thu, 11 Oct 2018 21:22:03 +0200
+Subject: [PATCH v2 2/2] Enable the close-on-exec flag for the debug log file
+ descriptor
+
+On Linux this flag will make sure that no file descriptor is accidentally
+leaked into potential child processes. While this is not a problem right now,
+it is considered to be good practice these days when dealing with file
+descriptors on the Linux.
+
+Signed-off-by: Karol Babioch
+---
+ src/utils/wpa_debug.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/src/utils/wpa_debug.c b/src/utils/wpa_debug.c
+index b412f88e3..9d159632d 100644
+--- a/src/utils/wpa_debug.c
++++ b/src/utils/wpa_debug.c
+@@ -60,6 +60,9 @@ static int wpa_to_android_level(int level)
+ #ifdef CONFIG_DEBUG_FILE
+ #include
+ #include
++#ifdef __linux__
++#include
++#endif /* __linux__ */
+
+ static int out_fd = -1;
+ static FILE *out_file = NULL;
+@@ -567,6 +570,12 @@ int wpa_debug_open_file(const char *path)
+ return -1;
+ }
+
++#ifdef __linux__
++ if (fcntl(out_fd, F_SETFD, FD_CLOEXEC) == -1) {
++ wpa_printf(MSG_ERROR, "wpa_debug_open_file: Failed to set O_CLOEXEC "
++ "on output file descriptor, using standard output");
++ }
++#endif /* __linux__ */
+ #ifndef _WIN32
+ setvbuf(out_file, NULL, _IOLBF, 0);
+ #endif /* _WIN32 */
+--
+2.19.1
+
diff --git a/wpa-supplicant-log-file-permission.patch b/wpa-supplicant-log-file-permission.patch
new file mode 100644
index 0000000..98d2cfb
--- /dev/null
+++ b/wpa-supplicant-log-file-permission.patch
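Review bot: The error message in the added `fcntl()` branch of wpa-supplicant-log-file-cloexec.patch says "using standard output", but the branch neither returns nor closes `out_file`. On failure, logging therefore continues to the file with a descriptor that child processes can still inherit, and the message names `O_CLOEXEC` although the call sets `FD_CLOEXEC`. Make the message match what happens, for example `"wpa_debug_open_file: Failed to set FD_CLOEXEC on output file descriptor"`. A tighter option is to pass `O_CLOEXEC` in the `open()` flags introduced by patch 1/2, which sets the flag atomically at creation and makes this block and its `__linux__` guard unnecessary. wpa_debug_open_file starts and ends outside this hunk, so how callers treat the descriptor afterwards is not visible here.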
@@ -0,0 +1,74 @@
+From e0e2be52057628965a4bcce2900913bc82ed011e Mon Sep 17 00:00:00 2001
+In-Reply-To: <20181011202010.29226-2-karol@babioch.de>
+References: <20181011202010.29226-2-karol@babioch.de>
+From: Karol Babioch
+Date: Thu, 11 Oct 2018 21:21:30 +0200
+Subject: [PATCH v2 1/2] Create debug log file with more sane file permissions
+
+Previously the file permissions for the debug log file were not explicitly set.
+Instead it was implicitly relying on a secure umask, which in most cases would
+result in a file that is world-readable. This is a violation of good
+practices, since not very user of a file should have access to sensitive
+information that might be contained in the debug log file.
+
+This commit will explicitly set sane default file permissions in case
+the file is newly created.
+
+Unfortunately the fopen(3) function does not provide such a facility, so the
+approach needs to be changed in the following way:
+
+1.) The file descriptor needs to be created manually using the open(3)
+function with the correct flags and the desired mode set.
+
+2.) fdopen(3) can then be used on the file descriptor to associate a
+file stream with it.
+
+Note: This modification will not change the file permissions of any already
+existing debug log files, and only applies to newly created ones.
+
+Signed-off-by: Karol Babioch
+---
+ src/utils/wpa_debug.c | 15 ++++++++++++++-
+ 1 file changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/src/utils/wpa_debug.c b/src/utils/wpa_debug.c
+index 62758d864..b412f88e3 100644
+--- a/src/utils/wpa_debug.c
++++ b/src/utils/wpa_debug.c
+@@ -58,6 +58,10 @@ static int wpa_to_android_level(int level)
+ #ifndef CONFIG_NO_STDOUT_DEBUG
+
+ #ifdef CONFIG_DEBUG_FILE
++#include
++#include
++
++static int out_fd = -1;
+ static FILE *out_file = NULL;
+ #endif /* CONFIG_DEBUG_FILE */
+
+@@ -548,12 +552,21 @@ int wpa_debug_open_file(const char *path)
+ last_path = os_strdup(path);
+ }
+
+- out_file = fopen(path, "a");
++ out_fd = open(path, O_CREAT | O_APPEND, S_IRUSR | S_IWUSR | S_IRGRP);
++ if (out_fd < 0) {
++ wpa_printf(MSG_ERROR, "wpa_debug_open_file: Failed to open "
++ "output file descriptor, using standard output");
++ return -1;
++ }
++
++ out_file = fdopen(out_fd, "a");
+ if (out_file == NULL) {
+ wpa_printf(MSG_ERROR, "wpa_debug_open_file: Failed to open "
+ "output file, using standard output");
++ close(out_fd);
+ return -1;
+ }
++
+ #ifndef _WIN32
+ setvbuf(out_file, NULL, _IOLBF, 0);
+ #endif /* _WIN32 */
+--
+2.19.1
+
diff --git a/wpa_supplicant.changes b/wpa_supplicant.changes
index d8e31d2..11b10eb 100644
--- a/wpa_supplicant.changes
+++ b/wpa_supplicant.changes
@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Fri Oct 12 06:55:06 UTC 2018 - Karol Babioch
+
+- Added wpa-supplicant-log-file-permission.patch: Fixes the default file
+ permissions of the debug log file to more sane values, i.e. it is no longer
+ world-readable (bsc#1098854).
+- Added wpa-supplicant-log-file-cloexec.patch: Open the debug log file with
+ O_CLOEXEC, which will prevent file descriptor leaking to child processes
+ (bsc#1098854).
+
 -------------------------------------------------------------------
 Thu Oct 11 11:58:33 UTC 2018 - Karol Babioch
 
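Review bot: The `open()` call added in wpa-supplicant-log-file-permission.patch passes `O_CREAT | O_APPEND` with no access mode, so the descriptor is opened read-only (`O_RDONLY` is the zero value). The following `fdopen(out_fd, "a")` asks for an append stream on that descriptor; libc implementations that check mode compatibility, glibc among them, reject this with EINVAL, so the function would likely hit its error path on every call and the debug log would never be written. Add the write access mode: `out_fd = open(path, O_CREAT | O_APPEND | O_WRONLY, S_IRUSR | S_IWUSR | S_IRGRP);`. In the `fdopen()` failure branch, `close(out_fd);` should be followed by `out_fd = -1;` so the file-scope variable does not keep a closed descriptor number. wpa_debug_open_file starts and ends outside this hunk.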
diff --git a/wpa_supplicant.spec b/wpa_supplicant.spec index 1ac2e2f..5331e73 100644 --- a/wpa_supplicant.spec +++ b/wpa_supplicant.spec @@ -52,6 +52,8 @@ Patch17: rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Respons Patch18: wpa_supplicant-bnc-1099835-fix-private-key-password.patch Patch19: wpa_supplicant-bnc-1099835-clear-default_passwd_cb.patch Patch20: rebased-v2.6-0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch +Patch21: wpa-supplicant-log-file-permission.patch +Patch22: wpa-supplicant-log-file-cloexec.patch BuildRequires: openssl-devel BuildRequires: pkgconfig @@ -101,6 +103,8 @@ cp %{SOURCE1} wpa_supplicant/.config %patch18 -p1 %patch19 -p1 %patch20 -p1 +%patch21 -p1 +%patch22 -p1 %build cd wpa_supplicant