[Dev] Tizen 3.0 proposal for fixing OSP/WRT/Core hard-coded UID issue

Schaufler, Casey casey.schaufler at intel.com
Wed Oct 9 15:39:04 GMT 2013


> -----Original Message-----
> From: dev-bounces at lists.tizen.org [mailto:dev-bounces at lists.tizen.org] On
> Behalf Of Jarkko Sakkinen
> Sent: Wednesday, October 09, 2013 4:33 AM
> To: Sakkinen, Jarkko
> Cc: dev at lists.tizen.org
> Subject: Re: [Dev] Tizen 3.0 proposal for fixing OSP/WRT/Core hard-coded
> UID issue
> 
> On Wed, 9 Oct 2013, Jarkko Sakkinen wrote:
> > On Tue, 8 Oct 2013, Dominig ar Foll (Intel OTC) wrote:
> >>       - AMD receives the launch request from different users and
> >>       identifies the caller information by reading socket
> >>       (SO_PEERCRED). This information is passed to launchpad daemon
> >>       by bundle with AUL_K_UID and AUL_K_GID.
> >>
> >> Getting the correct ID is a first step, you also need to set the same
> >> environment before lauching the App, in particular the $HOME $DISPLAY
> >> and D-Bus session. SO_PEERCRED provides the information needed to get
> >> the caller ENV via /proc/PID/environ
> >
> > Is SO_PEERCRED reliable mechanism in our environment? I just
> > remembered from Harmattan times that there was some raciness in it.

SO_PEERCRED is fine.

/proc/PID is *not*. Unless you have some way to ensure that the pid represents the right process you can't count on it. Also, it seems questionable that you should launch an application with a particular environment just because another application uses that environment. 

> > You could basically create a program that sends for example a DBUS
> > message that it does not have privileges and then quickly exec
> > something that has higher priviledge.
> >
> > This exploit was actually also demonstrated back then so the race
> > condition is real.
> 
> Fix for this issue in Harmattan was to check 'f_cred' from the socket file. I
> don't know anything in the mainline kernel that would enable two processes
> safely agree on the credentials with UDS socket based communication.
> 
> > /Jarkko
> 
> /Jarkko
> _______________________________________________
> Dev mailing list
> Dev at lists.tizen.org
> https://lists.tizen.org/listinfo/dev


More information about the Dev mailing list