virtualbox-2.0.2-2.2mdv2009.0.src.rpm

#! /bin/sh /usr/share/dpatch/dpatch-run
## 16-tmp-symlink-attack.dpatch by Michael Meskes <meskes@debian.org>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Fixing a potential symlink attack
## DP: rediff the following upstream commits against virtualbox-ose 1.6.6-dfsg-1:
## DP: - r13788
## DP: - r13807
## DP: - r13809
## DP: - r13810

@DPATCH@

diff -urNad virtualbox-ose-1.6.6-dfsg.orig/src/libs/xpcom18a4/ipc/ipcd/daemon/src/ipcdUnix.cpp virtualbox-ose-1.6.6-dfsg/src/libs/xpcom18a4/ipc/ipcd/daemon/src/ipcdUnix.cpp
--- virtualbox-ose-1.6.6-dfsg.orig/src/libs/xpcom18a4/ipc/ipcd/daemon/src/ipcdUnix.cpp	2008-11-05 14:43:38.000000000 +0100
+++ virtualbox-ose-1.6.6-dfsg/src/libs/xpcom18a4/ipc/ipcd/daemon/src/ipcdUnix.cpp	2008-11-05 14:44:08.000000000 +0100
@@ -93,7 +93,7 @@
     EOk = 0,
     ELockFileOpen = -1,
     ELockFileLock = -2,
-
+    ELockFileOwner = -3,
 };
 
 static int ipcLockFD = 0;
@@ -112,16 +112,70 @@
     lockFile[dirLen] = '/';
     memcpy(lockFile + dirLen + 1, lockName, sizeof(lockName));
 
+#ifdef VBOX
+    //
+    // Security checks for the directory
+    //
+    struct stat st;
+    if (stat(baseDir, &st) == -1)
+    {
+        printf("Cannot stat '%s'.\n", baseDir);
+        return ELockFileOwner;
+    }
+
+    if (st.st_uid != getuid() && st.st_uid != geteuid())
+    {
+        printf("Wrong owner (%d) of '%s'.\n", st.st_uid, baseDir);
+        return ELockFileOwner;
+    }
+
+    if (st.st_mode != (S_IRUSR | S_IWUSR | S_IXUSR | S_IFDIR))
+    {
+        printf("Wrong mode (%o) of '%s'.\n", st.st_mode, baseDir);
+        return ELockFileOwner;
+    }
+#endif
+
     //
     // open lock file.  it remains open until we shutdown.
     //
     ipcLockFD = open(lockFile, O_WRONLY|O_CREAT, S_IWUSR|S_IRUSR);
 
+#ifndef VBOX
     free(lockFile);
+#endif
 
     if (ipcLockFD == -1)
         return ELockFileOpen;
 
+#ifdef VBOX
+    //
+    // Security checks for the lock file
+    //
+    if (fstat(ipcLockFD, &st) == -1)
+    {
+        printf("Cannot stat '%s'.\n", lockFile);
+        free(lockFile);
+        return ELockFileOwner;
+    }
+
+    if (st.st_uid != getuid() && st.st_uid != geteuid())
+    {
+        printf("Wrong owner (%d) of '%s'.\n", st.st_uid, lockFile);
+        free(lockFile);
+        return ELockFileOwner;
+    }
+
+    if (st.st_mode != (S_IRUSR | S_IWUSR | S_IFREG))
+    {
+        printf("Wrong mode (%o) of '%s'.\n", st.st_mode, lockFile);
+        free(lockFile);
+        return ELockFileOwner;
+    }
+
+    free(lockFile);
+#endif
+
     //
     // we use fcntl for locking.  assumption: filesystem should be local.
     // this API is nice because the lock will be automatically released
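Review bot: The directory check at `stat(baseDir, &st)` follows symbolic links, so a link at `baseDir` that resolves to another directory owned by the user with mode 0700 passes all three tests and the lock file is then created there; `if (lstat(baseDir, &st) == -1)` would let the existing `S_IFDIR` comparison reject a link. The check and the later `open(lockFile, ...)` are both path-based, so adding `O_NOFOLLOW` to the open flags (where the platform defines it) would also stop the final component from being followed. Separately, the three error returns after `fstat` free `lockFile` but leave `ipcLockFD` open and set; `close(ipcLockFD); ipcLockFD = -1;` before each `return ELockFileOwner;` would avoid leaking the descriptor. The enclosing function starts and ends outside this hunk, so how `baseDir` is derived is not visible here.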
@@ -433,8 +487,9 @@
             // don't notify the parent to cause it to fail in PR_Read() after
             // we terminate
 #ifdef VBOX
-            printf("Cannot create a lock file for '%s'.\n"
-                   "Check permissions.\n", addr.local.path);
+            if (status != ELockFileOwner)
+                printf("Cannot create a lock file for '%s'.\n"
+                        "Check permissions.\n", addr.local.path);
 #endif
             return 0;
         }
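Review bot: The new `if (status != ELockFileOwner)` guards a two-line `printf` without braces and without saying why that one status is silent; presumably the lock routine has already printed a specific owner or mode message for it. A comment such as `// ELockFileOwner: the lock-file checks already reported the cause`, plus braces around the `printf`, would make that intent explicit. `status` is assigned outside this hunk.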