aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNeil Horman <nhorman@tuxdriver.com>2014-06-17 16:05:08 -0400
committerZhang Rui <rui.zhang@intel.com>2014-07-01 10:00:38 -0400
commit951fda3d8c644597a1d5cdae14cab31567e754a1 (patch)
tree7d705c9a9c0208e8b94b4c683377865c182f0af5
parent6b533269fb2513a1281a878e316bb920fc54db31 (diff)
tmon: Check log file for common secuirty issues
The tmon logging system blindly opens its log file on a static path, making it very easy for someone to redirect that log information to inappropriate places or overwrite other users data. Do some easy checking to make sure we're not logging to a symlink or a file owned by another user. Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Acked-by: Jacob Pan <jacob.jun.pan@linux.intel.com> Signed-off-by: Zhang Rui <rui.zhang@intel.com>
-rw-r--r--tools/thermal/tmon/tmon.c24
1 files changed, 24 insertions, 0 deletions
diff --git a/tools/thermal/tmon/tmon.c b/tools/thermal/tmon/tmon.c
index b30f531173e4..059e0becb386 100644
--- a/tools/thermal/tmon/tmon.c
+++ b/tools/thermal/tmon/tmon.c
@@ -142,6 +142,7 @@ static void start_syslog(void)
142static void prepare_logging(void) 142static void prepare_logging(void)
143{ 143{
144 int i; 144 int i;
145 struct stat logstat;
145 146
146 if (!logging) 147 if (!logging)
147 return; 148 return;
@@ -152,6 +153,29 @@ static void prepare_logging(void)
152 return; 153 return;
153 } 154 }
154 155
156 if (lstat(TMON_LOG_FILE, &logstat) < 0) {
157 syslog(LOG_ERR, "Unable to stat log file %s\n", TMON_LOG_FILE);
158 fclose(tmon_log);
159 tmon_log = NULL;
160 return;
161 }
162
163 /* The log file must be a regular file owned by us */
164 if (S_ISLNK(logstat.st_mode)) {
165 syslog(LOG_ERR, "Log file is a symlink. Will not log\n");
166 fclose(tmon_log);
167 tmon_log = NULL;
168 return;
169 }
170
171 if (logstat.st_uid != getuid()) {
172 syslog(LOG_ERR, "We don't own the log file. Not logging\n");
173 fclose(tmon_log);
174 tmon_log = NULL;
175 return;
176 }
177
178
155 fprintf(tmon_log, "#----------- THERMAL SYSTEM CONFIG -------------\n"); 179 fprintf(tmon_log, "#----------- THERMAL SYSTEM CONFIG -------------\n");
156 for (i = 0; i < ptdata.nr_tz_sensor; i++) { 180 for (i = 0; i < ptdata.nr_tz_sensor; i++) {
157 char binding_str[33]; /* size of long + 1 */ 181 char binding_str[33]; /* size of long + 1 */