Merge pull request #423 from swomf/polkit-write-anywhere
SECURITY: Prevent create_ap's --mkconfig switch from overwriting any file without explicit authorization
lakinduakash authored Nov 9, 2024
2 parents c46049b + 826f0a8 commit 2cedd27
Showing 1 changed file with 20 additions and 1 deletion.
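--- a/src/scripts/create_ap
+++ b/src/scripts/create_ap
@@ -1006,7 +1006,26 @@ send_stop() {
 write_config() {
 local i=1
 
-if ! eval 'echo -n > "$STORE_CONFIG"' > /dev/null 2>&1; then
+# If using pkexec, evaluate permissions before writing.
+# However, the /etc/create_ap.conf
+# location is excepted.
+if [[ "$STORE_CONFIG" != "/etc/create_ap.conf" && $PKEXEC_UID ]]; then
+if [ -e "$STORE_CONFIG" ]; then
+if ! pkexec --user "$(id -nu $PKEXEC_UID)" test -w "$STORE_CONFIG"; then
+echo "ERROR: 1 $(id -nu $PKEXEC_UID) has insufficient permissions to write to config file $STORE_CONFIG"
+exit 1
+fi
+elif ! pkexec --user "$(id -nu $PKEXEC_UID)" test -w "$(dirname "$STORE_CONFIG")"; then
+echo "ERROR: 2 $(id -nu $PKEXEC_UID) has insufficient permissions to write to config file $STORE_CONFIG"
+exit 1
+fi
+# Assume that the user is making a conf file in a directory they normally
+# have control over, and keep permissions strictly private. (i.e. they will
+# need to run create_ap directly with sudo in order to write to, say, /etc/create_ap2.conf)
+touch "$STORE_CONFIG"
+chown "$(id -nu $PKEXEC_UID):$(id -ng $PKEXEC_GID)" "$STORE_CONFIG"
+chmod 600 "$STORE_CONFIG"
+elif ! eval 'echo -n > "$STORE_CONFIG"' > /dev/null 2>&1; then
 echo "ERROR: Unable to create config file $STORE_CONFIG" >&2
 exit 1
 fi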
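Review bot: The permission check and the file creation are separate steps, so the path can change between `pkexec --user … test -w` and the root-side `touch`/`chown`/`chmod`, all of which follow symlinks; in a directory the invoking user controls, the `chown` could then apply to a different file than the one that was checked. Creating the file as the invoking user closes that gap and makes the chown unnecessary, for example `pkexec --user "$(id -nu "$PKEXEC_UID")" sh -c 'umask 077; : >> "$1"' sh "$STORE_CONFIG"`. Separately, `$(id -ng $PKEXEC_GID)` looks wrong: as far as I know pkexec exports only `PKEXEC_UID`, and `id` takes a user rather than a group id, so with the variable empty and unquoted this resolves to the calling (root) user's group; `id -ng "$PKEXEC_UID"` gives the invoking user's primary group. The two new ERROR messages also go to stdout, while the existing one uses `>&2`. write_config continues past the hunk, so whether the later writes to `$STORE_CONFIG` still run as root is not visible here and should be confirmed.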
