| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/file_util.h" | 5 #include "base/file_util.h" |
| 6 | 6 |
| 7 #include <dirent.h> | 7 #include <dirent.h> |
| 8 #include <errno.h> | 8 #include <errno.h> |
| 9 #include <fcntl.h> | 9 #include <fcntl.h> |
| 10 #include <fnmatch.h> | 10 #include <fnmatch.h> |
| 31 #endif | 31 #endif |
| 32 | 32 |
| 33 #include <fstream> | 33 #include <fstream> |
| 34 | 34 |
| 35 #include "base/basictypes.h" | 35 #include "base/basictypes.h" |
| 36 #include "base/eintr_wrapper.h" | 36 #include "base/eintr_wrapper.h" |
| 37 #include "base/file_path.h" | 37 #include "base/file_path.h" |
| 38 #include "base/logging.h" | 38 #include "base/logging.h" |
| 39 #include "base/memory/scoped_ptr.h" | 39 #include "base/memory/scoped_ptr.h" |
| 40 #include "base/memory/singleton.h" | 40 #include "base/memory/singleton.h" |
| 41 #include "base/stl_util.h" |
| 41 #include "base/string_util.h" | 42 #include "base/string_util.h" |
| 42 #include "base/stringprintf.h" | 43 #include "base/stringprintf.h" |
| 43 #include "base/sys_string_conversions.h" | 44 #include "base/sys_string_conversions.h" |
| 44 #include "base/threading/thread_restrictions.h" | 45 #include "base/threading/thread_restrictions.h" |
| 45 #include "base/time.h" | 46 #include "base/time.h" |
| 46 #include "base/utf_string_conversions.h" | 47 #include "base/utf_string_conversions.h" |
| 47 | 48 |
| 48 #if defined(OS_ANDROID) | 49 #if defined(OS_ANDROID) |
| 49 #include "base/os_compat_android.h" | 50 #include "base/os_compat_android.h" |
| 50 #endif | 51 #endif |
| 84 if (!realpath(path.value().c_str(), buf)) | 85 if (!realpath(path.value().c_str(), buf)) |
| 85 return false; | 86 return false; |
| 86 | 87 |
| 87 *real_path = FilePath(buf); | 88 *real_path = FilePath(buf); |
| 88 return true; | 89 return true; |
| 89 } | 90 } |
| 90 | 91 |
| 91 // Helper for VerifyPathControlledByUser. | 92 // Helper for VerifyPathControlledByUser. |
| 92 bool VerifySpecificPathControlledByUser(const FilePath& path, | 93 bool VerifySpecificPathControlledByUser(const FilePath& path, |
| 93 uid_t owner_uid, | 94 uid_t owner_uid, |
| 94 gid_t group_gid) { | 95 const std::set<gid_t>& group_gids) { |
| 95 stat_wrapper_t stat_info; | 96 stat_wrapper_t stat_info; |
| 96 if (CallLstat(path.value().c_str(), &stat_info) != 0) { | 97 if (CallLstat(path.value().c_str(), &stat_info) != 0) { |
| 97 PLOG(ERROR) << "Failed to get information on path " | 98 PLOG(ERROR) << "Failed to get information on path " |
| 98 << path.value(); | 99 << path.value(); |
| 99 return false; | 100 return false; |
| 100 } | 101 } |
| 101 | 102 |
| 102 if (S_ISLNK(stat_info.st_mode)) { | 103 if (S_ISLNK(stat_info.st_mode)) { |
| 103 LOG(ERROR) << "Path " << path.value() | 104 LOG(ERROR) << "Path " << path.value() |
| 104 << " is a symbolic link."; | 105 << " is a symbolic link."; |
| 105 return false; | 106 return false; |
| 106 } | 107 } |
| 107 | 108 |
| 108 if (stat_info.st_uid != owner_uid) { | 109 if (stat_info.st_uid != owner_uid) { |
| 109 LOG(ERROR) << "Path " << path.value() | 110 LOG(ERROR) << "Path " << path.value() |
| 110 << " is owned by the wrong user."; | 111 << " is owned by the wrong user."; |
| 111 return false; | 112 return false; |
| 112 } | 113 } |
| 113 | 114 |
| 114 if (stat_info.st_gid != group_gid) { | 115 if ((stat_info.st_mode & S_IWGRP) && |
| 116 !ContainsKey(group_gids, stat_info.st_gid)) { |
| 115 LOG(ERROR) << "Path " << path.value() | 117 LOG(ERROR) << "Path " << path.value() |
| 116 << " is owned by the wrong group."; | 118 << " is writable by an unprivileged group."; |
| 117 return false; | 119 return false; |
| 118 } | 120 } |
| 119 | 121 |
| 120 if (stat_info.st_mode & S_IWOTH) { | 122 if (stat_info.st_mode & S_IWOTH) { |
| 121 LOG(ERROR) << "Path " << path.value() | 123 LOG(ERROR) << "Path " << path.value() |
| 122 << " is writable by any user."; | 124 << " is writable by any user."; |
| 123 return false; | 125 return false; |
| 124 } | 126 } |
| 125 | 127 |
| 126 return true; | 128 return true; |
| 983 if (HANDLE_EINTR(close(outfile)) < 0) | 985 if (HANDLE_EINTR(close(outfile)) < 0) |
| 984 result = false; | 986 result = false; |
| 985 | 987 |
| 986 return result; | 988 return result; |
| 987 } | 989 } |
| 988 #endif // defined(OS_MACOSX) | 990 #endif // defined(OS_MACOSX) |
| 989 | 991 |
| 990 bool VerifyPathControlledByUser(const FilePath& base, | 992 bool VerifyPathControlledByUser(const FilePath& base, |
| 991 const FilePath& path, | 993 const FilePath& path, |
| 992 uid_t owner_uid, | 994 uid_t owner_uid, |
| 993 gid_t group_gid) { | 995 const std::set<gid_t>& group_gids) { |
| 994 if (base != path && !base.IsParent(path)) { | 996 if (base != path && !base.IsParent(path)) { |
| 995 LOG(ERROR) << "|base| must be a subdirectory of |path|. base = \"" | 997 LOG(ERROR) << "|base| must be a subdirectory of |path|. base = \"" |
| 996 << base.value() << "\", path = \"" << path.value() << "\""; | 998 << base.value() << "\", path = \"" << path.value() << "\""; |
| 997 return false; | 999 return false; |
| 998 } | 1000 } |
| 999 | 1001 |
| 1000 std::vector<FilePath::StringType> base_components; | 1002 std::vector<FilePath::StringType> base_components; |
| 1001 std::vector<FilePath::StringType> path_components; | 1003 std::vector<FilePath::StringType> path_components; |
| 1002 | 1004 |
| 1003 base.GetComponents(&base_components); | 1005 base.GetComponents(&base_components); |
| 1004 path.GetComponents(&path_components); | 1006 path.GetComponents(&path_components); |
| 1005 | 1007 |
| 1006 std::vector<FilePath::StringType>::const_iterator ib, ip; | 1008 std::vector<FilePath::StringType>::const_iterator ib, ip; |
| 1007 for (ib = base_components.begin(), ip = path_components.begin(); | 1009 for (ib = base_components.begin(), ip = path_components.begin(); |
| 1008 ib != base_components.end(); ++ib, ++ip) { | 1010 ib != base_components.end(); ++ib, ++ip) { |
| 1009 // |base| must be a subpath of |path|, so all components should match. | 1011 // |base| must be a subpath of |path|, so all components should match. |
| 1010 // If these CHECKs fail, look at the test that base is a parent of | 1012 // If these CHECKs fail, look at the test that base is a parent of |
| 1011 // path at the top of this function. | 1013 // path at the top of this function. |
| 1012 CHECK(ip != path_components.end()); | 1014 CHECK(ip != path_components.end()); |
| 1013 CHECK(*ip == *ib); | 1015 CHECK(*ip == *ib); |
| 1014 } | 1016 } |
| 1015 | 1017 |
| 1016 FilePath current_path = base; | 1018 FilePath current_path = base; |
| 1017 if (!VerifySpecificPathControlledByUser(current_path, owner_uid, group_gid)) | 1019 if (!VerifySpecificPathControlledByUser(current_path, owner_uid, group_gids)) |
| 1018 return false; | 1020 return false; |
| 1019 | 1021 |
| 1020 for (; ip != path_components.end(); ++ip) { | 1022 for (; ip != path_components.end(); ++ip) { |
| 1021 current_path = current_path.Append(*ip); | 1023 current_path = current_path.Append(*ip); |
| 1022 if (!VerifySpecificPathControlledByUser(current_path, owner_uid, group_gid)) | 1024 if (!VerifySpecificPathControlledByUser( |
| 1025 current_path, owner_uid, group_gids)) |
| 1023 return false; | 1026 return false; |
| 1024 } | 1027 } |
| 1025 return true; | 1028 return true; |
| 1026 } | 1029 } |
| 1027 | 1030 |
| 1028 #if defined(OS_MACOSX) | 1031 #if defined(OS_MACOSX) |
| 1029 bool VerifyPathControlledByAdmin(const FilePath& path) { | 1032 bool VerifyPathControlledByAdmin(const FilePath& path) { |
| 1030 const unsigned kRootUid = 0; | 1033 const unsigned kRootUid = 0; |
| 1031 const FilePath kFileSystemRoot("/"); | 1034 const FilePath kFileSystemRoot("/"); |
| 1032 | 1035 |
| 1033 // The name of the administrator group on mac os. | 1036 // The name of the administrator group on mac os. |
| 1034 const char kAdminGroupName[] = "admin"; | 1037 const char* const kAdminGroupNames[] = { |
| 1038 "admin", |
| 1039 "wheel" |
| 1040 }; |
| 1035 | 1041 |
| 1036 // Reading the groups database may touch the file system. | 1042 // Reading the groups database may touch the file system. |
| 1037 base::ThreadRestrictions::AssertIOAllowed(); | 1043 base::ThreadRestrictions::AssertIOAllowed(); |
| 1038 | 1044 |
| 1039 struct group *group_record = getgrnam(kAdminGroupName); | 1045 std::set<gid_t> allowed_group_ids; |
| 1040 if (!group_record) { | 1046 for (int i = 0, ie = arraysize(kAdminGroupNames); i < ie; ++i) { |
| 1041 PLOG(ERROR) << "Could not get the group ID of group \"" | 1047 struct group *group_record = getgrnam(kAdminGroupNames[i]); |
| 1042 << kAdminGroupName << "\"."; | 1048 if (!group_record) { |
| 1043 return false; | 1049 PLOG(ERROR) << "Could not get the group ID of group \"" |
| 1050 << kAdminGroupNames[i] << "\"."; |
| 1051 continue; |
| 1052 } |
| 1053 |
| 1054 allowed_group_ids.insert(group_record->gr_gid); |
| 1044 } | 1055 } |
| 1045 | 1056 |
| 1046 return VerifyPathControlledByUser( | 1057 return VerifyPathControlledByUser( |
| 1047 kFileSystemRoot, path, kRootUid, group_record->gr_gid); | 1058 kFileSystemRoot, path, kRootUid, allowed_group_ids); |
| 1048 } | 1059 } |
| 1049 #endif // defined(OS_MACOSX) | 1060 #endif // defined(OS_MACOSX) |
| 1050 | 1061 |
| 1051 } // namespace file_util | 1062 } // namespace file_util |
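Review bot: In VerifyPathControlledByAdmin the comment above the new array still reads `// The name of the administrator group on mac os.` although the code now lists two groups; it should become `// The names of the administrator groups on mac os.` and also state the policy when a lookup fails. With the new `continue`, a failed getgrnam() no longer aborts the check: if neither "admin" nor "wheel" resolves, allowed_group_ids is empty and VerifySpecificPathControlledByUser then rejects every group-writable path on the chain, which is the fail-closed direction but deserves a line such as `// A group that cannot be resolved is not allowed; an empty set rejects every group-writable path.` above the loop. getgrnam() returning NULL for an unknown name is not required to set errno, so the PLOG(ERROR) inside the loop may append a stale strerror text; LOG(ERROR) is more accurate there unless errno is reset and checked first. A smaller point of style: `int i = 0, ie = arraysize(kAdminGroupNames)` narrows the size_t from arraysize(); `size_t` for both would avoid that.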