From 22612dbaaf94f37ed8bb56e99d5e32655c395f08 Mon Sep 17 00:00:00 2001
From: Charlie Fenton
Date: Thu, 20 Mar 2008 23:44:05 +0000
Subject: [PATCH] Mac: Update sandbox security for symlinks replacing xml soft links.

svn path=/trunk/boinc/; revision=14953
---
 checkin_notes | 9 ++++
 client/check_security.C | 92 +++++++++++++++++----------------
 clientgui/mac/SetupSecurity.cpp | 10 +++-
 3 files changed, 64 insertions(+), 47 deletions(-)

diff --git a/checkin_notes b/checkin_notes
index a508cb655a..537e470716 100644
--- a/checkin_notes
+++ b/checkin_notes
@@ -2580,3 +2580,12 @@ David Mar 20 2008
 html/inc/
 GeoIP.dat
 geoip.inc
+
+Charlie Mar 20 2008
+ - Mac: Update sandbox security for symlinks replacing xml soft links.
+
+ client/
+ check_security.C
+ clientgui/
+ mac/
+ SetupSecurity.cpp
diff --git a/client/check_security.C b/client/check_security.C
index 7e1707a91d..628b698384 100644
--- a/client/check_security.C
+++ b/client/check_security.C
@@ -218,7 +218,7 @@ int use_sandbox, int isManager
 if (p) *p = '\0';
- retval = stat(full_path, &sbuf);
+ retval = lstat(full_path, &sbuf);
 if (retval) return -1013; // Should never happen
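Review bot: After the switch to `lstat` on the added line, `sbuf` describes the directory entry itself, so if `full_path` is ever a symlink the ownership and mode checks that presumably follow (they are outside this hunk) are applied to the link inode and its target is never examined. The hunk does not say whether a symlink is expected at this point; the other hunk in this file makes the symlink case explicit with `S_ISLNK`, and the same should happen here — skip or reject it, or additionally `stat()` the target when `S_ISLNK(sbuf.st_mode)` holds. At minimum add `// lstat: examine the entry itself, not what a symlink points to` so the choice reads as deliberate rather than as a drive-by replacement. The enclosing function begins and ends outside the hunk.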
@@ -491,61 +491,63 @@ static int CheckNestedDirectories(char * basepath, int depth, int use_sandbox) {
 strlcat(full_path, "/", sizeof(full_path));
 strlcat(full_path, dp->d_name, sizeof(full_path));
 
- retval = stat(full_path, &sbuf);
+ retval = lstat(full_path, &sbuf);
 if (retval)
 break; // Should never happen
 
 isDirectory = S_ISDIR(sbuf.st_mode);
 
- if (depth > 1) {
- // files and subdirectories created by projects may have owner boinc_master or boinc_project
- if ( (sbuf.st_uid != boinc_master_uid) && (sbuf.st_uid != boinc_project_uid) ) {
- retval = -1202;
- break;
- }
- } else {
- // project & slot directories (projects/setiathome.berkeley.edu, slots/0 etc.)
- // must have owner boinc_master
- if (sbuf.st_uid != boinc_master_uid) {
- retval = -1202;
- break;
- }
- }
-
- if (use_sandbox) {
- if (sbuf.st_gid != boinc_project_gid) {
- retval = -1201;
+ if (!S_ISLNK(sbuf.st_mode)) {
+ if (depth > 1) {
+ // files and subdirectories created by projects may have owner boinc_master or boinc_project
+ if ( (sbuf.st_uid != boinc_master_uid) && (sbuf.st_uid != boinc_project_uid) ) {
+ retval = -1202;
 break;
 }
-
- if (isDirectory) {
- if (depth == 1) {
+ } else {
 // project & slot directories (projects/setiathome.berkeley.edu, slots/0 etc.)
- // must be readable & executable by other
- if ((sbuf.st_mode & 0777) != 0775) {
- retval = -1203;
- break;
- }
-#if 0 // We may enforce permissions later for subdirectories written by project applications
- } else {
- // subdirectories created by projects may be executable by other or not
- if ((sbuf.st_mode & 0770) != 0770) {
- retval = -1203;
- break;
- }
-#endif
- }
-#if 0 // We may enforce permissions later for files written by project applications
- } else { // ! isDirectory
- if ((sbuf.st_mode & 0666) != 0660) {
- retval = -1204;
+ // must have owner boinc_master
+ if (sbuf.st_uid != boinc_master_uid) {
+ retval = -1202;
 break;
 }
-#endif
 }
- } // if (use_sandbox)
-
- if (isDirectory) {
+
+ if (use_sandbox) {
+ if (sbuf.st_gid != boinc_project_gid) {
+ retval = -1201;
+ break;
+ }
+
+ if (isDirectory) {
+ if (depth == 1) {
+ // project & slot directories (projects/setiathome.berkeley.edu, slots/0 etc.)
+ // must be readable & executable by other
+ if ((sbuf.st_mode & 0777) != 0775) {
+ retval = -1203;
+ break;
+ }
+#if 0 // We may enforce permissions later for subdirectories written by project applications
+ } else {
+ // subdirectories created by projects may be executable by other or not
+ if ((sbuf.st_mode & 0770) != 0770) {
+ retval = -1203;
+ break;
+ }
+#endif
+ }
+#if 0 // We may enforce permissions later for files written by project applications
+ } else { // ! isDirectory
+ if ((sbuf.st_mode & 0666) != 0660) {
+ retval = -1204;
+ break;
+ }
+#endif
+ }
+ } // if (use_sandbox)
+ } // if (!S_ISLNK(sbuf.st_mode))
+
+ if (isDirectory && !S_ISLNK(sbuf.st_mode)) {
 if (use_sandbox && (depth > 1))
 if ((sbuf.st_uid != boinc_master_uid) && (sbuf.st_gid != boinc_master_gid))
 continue; // We can't check subdirectories owned by boinc_project
diff --git a/clientgui/mac/SetupSecurity.cpp b/clientgui/mac/SetupSecurity.cpp
index d4046c3e19..cf5983178d 100644
--- a/clientgui/mac/SetupSecurity.cpp
+++ b/clientgui/mac/SetupSecurity.cpp
@@ -572,9 +572,15 @@ static OSStatus UpdateNestedDirectories(char * basepath) {
 strlcat(fullpath, dp->d_name, sizeof(fullpath));
 
 retval = stat(fullpath, &sbuf);
- if (retval)
+ if (retval) {
+ if (lstat(fullpath, &sbuf) == 0) {
+ // A broken symlink in a slot directory may be OK if slot is no longer in use
+ if (S_ISLNK(sbuf.st_mode)) {
+ continue;
+ }
+ }
 break; // Should never happen
-
+ }
 isDirectory = S_ISDIR(sbuf.st_mode);
 
 if (isDirectory) {
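Review bot: The new `if (!S_ISLNK(sbuf.st_mode))` wrapper exempts every symlink from all owner, group and mode checks, so a link of any ownership pointing anywhere (including outside the data directory) now passes where the old `stat`-based code would have judged its target; nothing in the hunk validates either the link or what it resolves to. If symlinks here are expected to be created only by the client, apply the owner test to the link before skipping the rest, e.g. `if (S_ISLNK(sbuf.st_mode) && (sbuf.st_uid != boinc_master_uid) && (sbuf.st_uid != boinc_project_uid)) { retval = -1202; break; }`, and consider a `stat()` of the target to confirm it is owned by boinc_master or boinc_project as well. Separately, `lstat` reports a symlink with the link type bits, so `isDirectory` is already false for one and the `&& !S_ISLNK(sbuf.st_mode)` on the last added line is redundant; hoisting `isSymlink = S_ISLNK(sbuf.st_mode);` beside `isDirectory` would replace the three repeated calls and make the exemption visible at a glance. Most of the added lines are the previous body re-indented one level, which hides the one real change; the enclosing function begins and ends outside the hunk.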
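Review bot: The new `continue` only skips a symlink whose target is missing; a symlink that resolves still goes through the `stat()` on the context line above, so `sbuf` and `isDirectory` describe the target, and whatever this function does with `fullpath` after the hunk (not visible here, but the name suggests ownership or permission updates) is applied to the target rather than the link — a link pointing outside the data directory would be followed. Taking the lstat-first approach the check_security.C hunk uses avoids both that and the second syscall: `retval = lstat(fullpath, &sbuf);` / `if (retval) break;` / `if (S_ISLNK(sbuf.st_mode)) continue;`. The added comment says "in a slot directory" while the code skips a dangling link anywhere under `basepath`; either narrow the check or reword it to `// A dangling symlink (e.g. left in a slot no longer in use) is skipped rather than treated as an error`. The enclosing loop and function begin and end outside the hunk.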