various security fixes and 0.3 release (thanks Jann Horn)

As per the suggestion of Jann Horn, a couple of security enhancements
have been performed. These changes are incorporated as the 0.3 release.

* Fix directory traversal in openat(2).
* Fix TTY pushback vulnerability by whitelisting ioctl(2) commands.
* Don't allow mmap(MAP_SHARED) to avoid inter-process race conditions.

Abstracted away the path checking so that mkdir(2) and unlink(2) also
benefit from the directory traversal patches. Added some unittests to
test the new security fixes.
jbremer committed Sep 5, 2016
1 parent 4cc7ea5 commit 73272d85c29b07d0e4eb3690fabe011a6ee2e017
@@ -0,0 +1,34 @@
/*
This file is part of Tracy.
Tracy is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
Tracy is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with Tracy. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* We don't allow mkdir() outside of the dirty directory.
*/
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
int main()
{
close(open("/tmp/zipjail-input", O_RDONLY));
mkdir("/tmp/zipjail-dirtydir/../zipjail-workingdir/foo", 0775);
return 0;
}
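Review bot: in main(), the results of open() and mkdir() are both discarded, so the program returns 0 whether the mkdir() was denied, succeeded, or failed for an unrelated reason such as a missing /tmp/zipjail-dirtydir. Consider checking the fd from open() before close() and stating in the header comment how the harness is expected to observe the denial, so a fixture problem is not mistaken for a working sandbox check.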
@@ -0,0 +1,34 @@
/*
This file is part of Tracy.
Tracy is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
Tracy is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with Tracy. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* We don't allow mkdir() outside of the dirty directory.
*/
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
int main()
{
close(open("/tmp/zipjail-input", O_RDONLY));
mkdir("/tmp/zipjail-workingdir/foo", 0775);
return 0;
}
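Review bot: the header comment is identical to the one in the traversal test, but the mkdir() call here uses the direct path /tmp/zipjail-workingdir/foo with no ".." component. Reword the comment to say that this case covers an absolute path outside the dirty directory, so the two tests can be told apart when one of them fails.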
@@ -0,0 +1,33 @@
/*
This file is part of Tracy.
Tracy is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
Tracy is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with Tracy. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* For now, we don't allow directory traversal in openat.
*/
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
int main()
{
close(open("/tmp/zipjail-input", O_RDONLY, 0));
openat(AT_FDCWD, "/tmp/zipjail-dirtydir/../zipjail-workingdir/a.py", O_WRONLY, 0);
}
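Review bot: the openat() call passes AT_FDCWD with an absolute path, which resolves the same way as the path in the open() test, so the dirfd handling of openat(2) is not covered. Add a regression case that passes a real directory fd with a relative path, so the shared path check is also exercised on the dirfd-relative form. main() also falls off the end without a return statement, unlike the mkdir and unlink tests; add "return 0;" for consistency.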
@@ -0,0 +1,33 @@
/*
This file is part of Tracy.
Tracy is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
Tracy is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with Tracy. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* Don't allow directory traversal in open.
*/
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
int main()
{
close(open("/tmp/zipjail-input", O_RDONLY, 0));
open("/tmp/zipjail-dirtydir/../zipjail-workingdir/x.py", O_WRONLY, 0);
}
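Review bot: open() is called with O_WRONLY and no O_CREAT, so when x.py is absent from /tmp/zipjail-workingdir the call fails with ENOENT even without the sandbox, and the third argument 0 is ignored. Either document that the harness pre-creates x.py or pass O_CREAT with a real mode, so the outcome depends on the path check rather than on whether the file happens to exist. main() is also missing a return statement.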
@@ -0,0 +1,34 @@
/*
This file is part of Tracy.
Tracy is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
Tracy is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with Tracy. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* We don't allow unlink outside of the dirty directory.
*/
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
int main()
{
close(open("/tmp/zipjail-input", O_RDONLY));
unlink("/tmp/zipjail-dirtydir/../zipjail-workingdir/a.c");
return 0;
}
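Review bot: unlink() is only tested with the ".." form, while mkdir() has both a traversal test and a direct /tmp/zipjail-workingdir test. Since the commit message says the path checking is shared between these calls, add the direct-path variant for unlink() as well, and check the return value of unlink() so that a missing a.c cannot be confused with a denied call.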