From d2aa891e1e96cc0f7ed22a1833662c215ce693bb Mon Sep 17 00:00:00 2001 From: Solderpunk Date: Wed, 19 Dec 2018 21:33:17 +0000 Subject: Drop bbs euid whenever it is not required, so that users don't end up in privileged editors which can be used to vandalise posts. --- telem.lua | 37 +++++++++++++++++++++++++++++++++++-- 1 file changed, 35 insertions(+), 2 deletions(-) (limited to 'telem.lua') diff --git a/telem.lua b/telem.lua index 9b81881..56379ca 100755 --- a/telem.lua +++ b/telem.lua @@ -10,6 +10,7 @@ path = require("pl.path") string = require("string") stringx = require("pl.stringx") table = require("table") +unistd = require("posix.unistd") _BBS_ROOT = "/var/bbs/" _EDITOR = os.getenv("EDITOR") @@ -37,6 +38,21 @@ current_thread_posts = {} -- Array of post tables, containing posts associated w current_post_index = nil -- Integer index into current_thread_posts colours = true -- Boolean, controls whether to use ANSI colours +-- Setuid stuff + +bbs_uid = unistd.geteuid() +user_uid = unistd.getuid() + +function drop_privs() + unistd.setpid("U", user_uid) +end + +function raise_privs() + unistd.setpid("U", bbs_uid) +end + +drop_privs() + -- Utility functions function cat_file(filename) @@ -147,6 +163,7 @@ end function load_scan_times() local scanfile = path.join(_BBS_ROOT, "scans", username ..".scan") + raise_privs() local f, err = io.open(scanfile, "r") if f == nil then return end for line in f:lines() do @@ -156,15 +173,18 @@ function load_scan_times() end end f:close() + drop_privs() end function save_scan_times() local scanfile = path.join(_BBS_ROOT, "scans", username ..".scan") + raise_privs() local f, err = io.open(scanfile, "w") for _, board in ipairs(boards) do f:write(board.name .. ":" .. tostring(board.last_scanned) .. "\n") end f:close() + drop_privs() end -- Commands @@ -192,6 +212,7 @@ function do_board() return end -- Create directory + raise_privs() local board_dir = path.join(_BBS_ROOT, "boards", board) lfs.mkdir(board_dir) os.execute("chmod og+rwx " .. board_dir) @@ -199,6 +220,7 @@ function do_board() local topic_file = path.join(board_dir, "topic") file.write(topic_file, desc) os.execute("chmod og+r " .. topic_file) + drop_privs() -- Update representation of BBS update_boards() -- Done! @@ -324,6 +346,9 @@ function create_post() file.delete(filename) return nil else + -- Make sure the telem program can read this file once + -- it sets the euid to bbs. + os.execute("chmod og+r " .. filename) return filename end end @@ -351,6 +376,7 @@ function do_new() local timestamp = tostring(os.time()) local thread_dir = timestamp .. "-" .. username local thread_path = path.join(current_board.directory, thread_dir) + raise_privs() lfs.mkdir(thread_path) os.execute("chmod og+rwx " .. thread_path) -- Write subject file @@ -359,11 +385,15 @@ function do_new() -- Move post file local post_file = thread_dir -- first post and thread directory names are the same! local newpath = path.join(thread_path, post_file) - local ret, str = file.move(filename, newpath) + -- Copy first - bbs user doesn't have permissions to delete + local ret, str = file.copy(filename, newpath) if not ret then print(str) end os.execute("chmod og+r " .. newpath) + drop_privs() + -- Delete file to complete the move + file.delete(filename) -- Done! print("Post submitted.") end @@ -426,11 +456,14 @@ function do_type_reply() local timestamp = tostring(os.time()) local newfilename = timestamp .. "-" .. username local newpath = path.join(current_thread.directory, newfilename) - local ret, str = file.move(filename, newpath) + raise_privs() + local ret, str = file.copy(filename, newpath) if not ret then print(str) end os.execute("chmod og+r " .. newpath) + drop_privs() + file.delete(filename) -- Update state and show reply current_thread_posts = get_posts(current_thread) current_post_index = #current_thread_posts -- cgit v1.2.3