Ensure security of default user environment

cpukit/libcsupport/src/base_fs.c

@@ -49,12 +49,9 @@ void rtems_filesystem_initialize( void )
    *  Traditionally RTEMS devices are under "/dev" so install this directory.
    *
    *  If the mkdir() fails, we can't print anything so just fatal error.
-   *
-   *  NOTE: UNIX root is 755 and owned by root/root (0/0).  It is actually
-   *        created that way by the IMFS.
    */
 
-  rv = mkdir( "/dev", 0777);
+  rv = mkdir( "/dev", S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH );
   if ( rv != 0 )
     rtems_fatal_error_occurred( 0xABCD0003 );
 

cpukit/libcsupport/src/pwdgrp.c

@@ -26,6 +26,7 @@
 #include <pwd.h>
 #include <grp.h>
 #include <errno.h>
+#include <fcntl.h>
 #include <unistd.h>
 #include <stdlib.h>
 #include <string.h>
@@ -41,11 +42,17 @@ static pthread_once_t pwdgrp_once = PTHREAD_ONCE_INIT;
 
 static void init_file(const char *name, const char *content)
 {
-  FILE *fp = fopen(name, "wx");
+  /*
+   * Unlike to standard UNIX systems, these files are only readable and
+   * writeable for the root user.  This way we avoid the need for an
+   * /etc/shadow.  In case more UNIX compatibility is desired, this can be
+   * added on demand.
+   */
+  int fd = open(name, O_CREAT | O_EXCL | O_WRONLY, S_IRUSR | S_IWUSR);
 
-  if (fp != NULL) {
-    fputs(content, fp);
-    fclose(fp);
+  if (fd >= 0) {
+    write(fd, content, strlen(content));
+    close(fd);
   }
 }
 
@@ -54,7 +61,7 @@ static void init_file(const char *name, const char *content)
  */
 static void pwdgrp_init(void)
 {
-  mkdir("/etc", 0777);
+  mkdir("/etc", S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH);
 
   /*
    *  Initialize /etc/passwd

testsuites/libtests/Makefile.am

@@ -1,6 +1,7 @@
 ACLOCAL_AMFLAGS = -I ../aclocal
 
 _SUBDIRS = POSIX
+_SUBDIRS += pwdgrp02
 _SUBDIRS += shell01
 _SUBDIRS += pwdgrp01
 _SUBDIRS += crypt01

testsuites/libtests/configure.ac

@@ -66,6 +66,7 @@ AS_IF([test x"$HAVE_LIBDL" = x"yes"],[
 
 # Explicitly list all Makefiles here
 AC_CONFIG_FILES([Makefile
+pwdgrp02/Makefile
 shell01/Makefile
 pwdgrp01/Makefile
 crypt01/Makefile

testsuites/libtests/pwdgrp02/Makefile.am

@@ -0,0 +1,19 @@
+rtems_tests_PROGRAMS = pwdgrp02
+pwdgrp02_SOURCES = init.c
+
+dist_rtems_tests_DATA = pwdgrp02.scn pwdgrp02.doc
+
+include $(RTEMS_ROOT)/make/custom/@RTEMS_BSP@.cfg
+include $(top_srcdir)/../automake/compile.am
+include $(top_srcdir)/../automake/leaf.am
+
+AM_CPPFLAGS += -I$(top_srcdir)/../support/include
+
+LINK_OBJS = $(pwdgrp02_OBJECTS)
+LINK_LIBS = $(pwdgrp02_LDLIBS)
+
+pwdgrp02$(EXEEXT): $(pwdgrp02_OBJECTS) $(pwdgrp02_DEPENDENCIES)
+	@rm -f pwdgrp02$(EXEEXT)
+	$(make-exe)
+
+include $(top_srcdir)/../automake/local.am

testsuites/libtests/pwdgrp02/init.c

@@ -0,0 +1,180 @@
+/*
+ * Copyright (c) 2014 embedded brains GmbH.  All rights reserved.
+ *
+ *  embedded brains GmbH
+ *  Dornierstr. 4
+ *  82178 Puchheim
+ *  Germany
+ *  <rtems@embedded-brains.de>
+ *
+ * The license and distribution terms for this file may be
+ * found in the file LICENSE in this distribution or at
+ * http://www.rtems.org/license/LICENSE.
+ */
+
+#ifdef HAVE_CONFIG_H
+  #include "config.h"
+#endif
+
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <grp.h>
+#include <pwd.h>
+#include <stdio.h>
+#include <unistd.h>
+
+#include "tmacros.h"
+
+const char rtems_test_name[] = "PWDGRP 2";
+
+static void assert_pwd(struct passwd *pwd)
+{
+  rtems_test_assert(strcmp(pwd->pw_name, "root") == 0);
+  rtems_test_assert(strcmp(pwd->pw_passwd, "") == 0);
+  rtems_test_assert(pwd->pw_uid == 0);
+  rtems_test_assert(pwd->pw_gid == 0);
+  rtems_test_assert(strcmp(pwd->pw_comment, "") == 0);
+  rtems_test_assert(strcmp(pwd->pw_gecos, "") == 0);
+  rtems_test_assert(strcmp(pwd->pw_dir, "") == 0);
+  rtems_test_assert(strcmp(pwd->pw_shell, "") == 0);
+}
+
+static void assert_grp(struct group *grp)
+{
+  rtems_test_assert(strcmp(grp->gr_name, "root") == 0);
+  rtems_test_assert(strcmp(grp->gr_passwd, "") == 0);
+  rtems_test_assert(grp->gr_gid == 0);
+  rtems_test_assert(grp->gr_mem[0] == NULL);
+}
+
+static void assert_dir(const char *name)
+{
+  int rv;
+  struct stat st;
+
+  rv = lstat(name, &st);
+  rtems_test_assert(rv == 0);
+  rtems_test_assert(st.st_uid == 0);
+  rtems_test_assert(st.st_gid == 0);
+  rtems_test_assert(
+    st.st_mode == (S_IFDIR | S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH)
+  );
+}
+
+static void test(void)
+{
+  int rv;
+  struct passwd pwd;
+  struct group grp;
+  struct passwd *pwd_res;
+  struct group *grp_res;
+  char buf[256];
+
+  rtems_test_assert(getuid() == 0);
+  rtems_test_assert(geteuid() == 0);
+
+  rtems_test_assert(getgid() == 0);
+  rtems_test_assert(getegid() == 0);
+
+  memset(&pwd, 0xff, sizeof(pwd));
+  rv = getpwnam_r("root", &pwd, &buf[0], sizeof(buf), &pwd_res);
+  rtems_test_assert(rv == 0);
+  rtems_test_assert(&pwd == pwd_res);
+  assert_pwd(pwd_res);
+
+  memset(&pwd, 0xff, sizeof(pwd));
+  rv = getpwuid_r(0, &pwd, &buf[0], sizeof(buf), &pwd_res);
+  rtems_test_assert(rv == 0);
+  rtems_test_assert(&pwd == pwd_res);
+  assert_pwd(pwd_res);
+
+  memset(&grp, 0xff, sizeof(grp));
+  rv = getgrnam_r("root", &grp, &buf[0], sizeof(buf), &grp_res);
+  rtems_test_assert(rv == 0);
+  rtems_test_assert(&grp == grp_res);
+  assert_grp(grp_res);
+
+  memset(&grp, 0xff, sizeof(grp));
+  rv = getgrgid_r(0, &grp, &buf[0], sizeof(buf), &grp_res);
+  rtems_test_assert(rv == 0);
+  rtems_test_assert(&grp == grp_res);
+  assert_grp(grp_res);
+
+  assert_dir("/dev");
+  assert_dir("/etc");
+
+  rv = setuid(1);
+  rtems_test_assert(rv == 0);
+
+  rv = seteuid(1);
+  rtems_test_assert(rv == 0);
+
+  errno = 0;
+  rv = unlink("/etc/passwd");
+  rtems_test_assert(rv == -1);
+  rtems_test_assert(errno == EACCES);
+
+  errno = 0;
+  rv = unlink("/etc/group");
+  rtems_test_assert(rv == -1);
+  rtems_test_assert(errno == EACCES);
+
+  errno = 0;
+  rv = open("/etc/passwd", O_RDONLY);
+  rtems_test_assert(rv == -1);
+  rtems_test_assert(errno == EACCES);
+
+  errno = 0;
+  rv = open("/etc/group", O_RDONLY);
+  rtems_test_assert(rv == -1);
+  rtems_test_assert(errno == EACCES);
+
+  errno = 0;
+  rv = open("/etc/passwd", O_WRONLY);
+  rtems_test_assert(rv == -1);
+  rtems_test_assert(errno == EACCES);
+
+  errno = 0;
+  rv = open("/etc/group", O_WRONLY);
+  rtems_test_assert(rv == -1);
+  rtems_test_assert(errno == EACCES);
+
+  errno = 0;
+  rv = open("/etc/passwd", 0);
+  rtems_test_assert(rv == -1);
+  rtems_test_assert(errno == EACCES);
+
+  errno = 0;
+  rv = open("/etc/group", 0);
+  rtems_test_assert(rv == -1);
+  rtems_test_assert(errno == EACCES);
+}
+
+static void Init(rtems_task_argument arg)
+{
+  TEST_BEGIN();
+
+  test();
+
+  TEST_END();
+  rtems_test_exit(0);
+}
+
+#define CONFIGURE_APPLICATION_DOES_NOT_NEED_CLOCK_DRIVER
+#define CONFIGURE_APPLICATION_NEEDS_CONSOLE_DRIVER
+
+#define CONFIGURE_USE_IMFS_AS_BASE_FILESYSTEM
+
+#define CONFIGURE_LIBIO_MAXIMUM_FILE_DESCRIPTORS 4
+
+#define CONFIGURE_MAXIMUM_TASKS 1
+
+#define CONFIGURE_INITIAL_EXTENSIONS RTEMS_TEST_INITIAL_EXTENSION
+
+#define CONFIGURE_RTEMS_INIT_TASKS_TABLE
+
+#define CONFIGURE_INIT
+
+#include <rtems/confdefs.h>

testsuites/libtests/pwdgrp02/pwdgrp02.doc

@@ -0,0 +1,11 @@
+This file describes the directives and concepts tested by this test set.
+
+test set name: pwdgrp02
+
+directives:
+
+  - _libcsupport_pwdgrp_init
+
+concepts:
+
+  - Ensures security of default user environment.

testsuites/libtests/pwdgrp02/pwdgrp02.scn

@@ -0,0 +1,2 @@
+*** BEGIN OF TEST PWDGRP 2 ***
+*** END OF TEST PWDGRP 2 ***