From 789b17b6d48783f464656ec27be9d1e88cf0bfb8 Mon Sep 17 00:00:00 2001
From: Bernd Edlinger
Date: Tue, 3 Apr 2018 16:53:53 +0200
Subject: [PATCH 1/4] Don't use getenv for critical functions when run as setuid/setgid
---
 crypto/conf/conf_mod.c | 8 +++++---
 crypto/engine/eng_list.c | 3 ++-
 2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c
index 7622d8e1f3385..2ea7873a03471 100644
--- a/crypto/conf/conf_mod.c
+++ b/crypto/conf/conf_mod.c
@@ -479,9 +479,11 @@ char *CONF_get1_default_config_file(void)
 char *file, *sep = "";
 int len;

- file = getenv("OPENSSL_CONF");
- if (file)
- return OPENSSL_strdup(file);
+ if (!OPENSSL_issetugid()) {
+ file = getenv("OPENSSL_CONF");
+ if (file)
+ return OPENSSL_strdup(file);
+ }

 len = strlen(X509_get_default_cert_area());
 #ifndef OPENSSL_SYS_VMS
diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c
index bfd91e23c6890..4bc7ea173cdce 100644
--- a/crypto/engine/eng_list.c
+++ b/crypto/engine/eng_list.c
@@ -317,7 +317,8 @@ ENGINE *ENGINE_by_id(const char *id)
 * Prevent infinite recursion if we're looking for the dynamic engine.
 */
 if (strcmp(id, "dynamic")) {
- if ((load_dir = getenv("OPENSSL_ENGINES")) == NULL)
+ if (OPENSSL_issetugid()
+ || (load_dir = getenv("OPENSSL_ENGINES")) == NULL)
 load_dir = ENGINESDIR;
 iterator = ENGINE_by_id("dynamic");
 if (!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
From 8fe62027596de34f820c6a58003e247eac9806a7 Mon Sep 17 00:00:00 2001
From: Bernd Edlinger
Date: Tue, 3 Apr 2018 17:54:25 +0200
Subject: [PATCH 2/4] Document OPENSSL_ENGINES is ignored in set-user-ID and set-group-ID programs
---
 doc/man3/ENGINE_add.pod | 1 +
 1 file changed, 1 insertion(+)
diff --git a/doc/man3/ENGINE_add.pod b/doc/man3/ENGINE_add.pod
index b009949d6e2dd..a2fc299482fc0 100644
--- a/doc/man3/ENGINE_add.pod
+++ b/doc/man3/ENGINE_add.pod
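Review bot: The set-id check is open-coded around `getenv("OPENSSL_CONF")` in CONF_get1_default_config_file and again around `getenv("OPENSSL_ENGINES")` in the eng_list.c hunk, so every other environment lookup in libcrypto has to remember the same guard by hand. A single wrapper, for example `static const char *guarded_getenv(const char *name)` (placeholder name) that returns NULL when `OPENSSL_issetugid()` is true, would turn the policy into one call and make unguarded `getenv` uses easy to grep for; whether other call sites exist cannot be seen from this patch. A short comment at the guard would also record the reason, e.g. `/* The environment is controlled by the invoking user; a set-id process must not let it choose the config file. */`. The protection is only as strong as what `OPENSSL_issetugid()` detects on a given platform, which is not shown here. The body of CONF_get1_default_config_file continues past the end of the hunk.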
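Review bot: The new condition in ENGINE_by_id relies on `||` short-circuiting both to keep `getenv` from running and to leave `load_dir` unassigned in the set-id case, which is correct but easy to break when the test is edited later. Separating the lookup from the fallback reads more plainly: `load_dir = OPENSSL_issetugid() ? NULL : getenv("OPENSSL_ENGINES");` followed by `if (load_dir == NULL) load_dir = ENGINESDIR;`. ENGINE_by_id starts before and ends after this hunk, so how `load_dir` is consumed afterwards is not visible here.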
@@ -568,6 +568,7 @@ extension). =item B The path to the engines directory. +Ignored in set-user-ID and set-group-ID programs. =back From ed341224b7f49e640dead8e3415e3e03029e205a Mon Sep 17 00:00:00 2001 From: Bernd Edlinger Date: Tue, 3 Apr 2018 18:14:54 +0200 Subject: [PATCH 3/4] Document how OPENSSL_CONF is used in libcrypto --- doc/man3/OPENSSL_config.pod | 11 +++++++++++ doc/man5/config.pod | 16 ++++++++++++++++ 2 files changed, 27 insertions(+) diff --git a/doc/man3/OPENSSL_config.pod b/doc/man3/OPENSSL_config.pod index e70fcd5498354..ac686e6222ae9 100644 --- a/doc/man3/OPENSSL_config.pod +++ b/doc/man3/OPENSSL_config.pod @@ -48,6 +48,17 @@ application calls OPENSSL_config() it doesn't need to know or care about ENGINE control operations because they can be performed by editing a configuration file. +=head1 ENVIRONMENT + +=over 4 + +=item B + +The path to the config file. +Ignored in set-user-ID and set-group-ID programs. + +=back + =head1 RETURN VALUES Neither OPENSSL_config() nor OPENSSL_no_config() return a value. diff --git a/doc/man5/config.pod b/doc/man5/config.pod index ef8e10ef1b196..09d72be2fd7f5 100644 --- a/doc/man5/config.pod +++ b/doc/man5/config.pod @@ -384,6 +384,22 @@ will output: showing that the OID "newoid1" has been added as "1.2.3.4.1". +=head1 ENVIRONMENT + +=over 4 + +=item B + +The path to the config file. +Ignored in set-user-ID and set-group-ID programs. + +=item B + +The path to the engines directory. +Ignored in set-user-ID and set-group-ID programs. + +=back + =head1 BUGS Currently there is no way to include characters using the octal B<\nnn> From 31bae1e87d84e8097c2a5f20b50d19d7137bb812 Mon Sep 17 00:00:00 2001 From: Bernd Edlinger Date: Tue, 3 Apr 2018 18:32:40 +0200 Subject: [PATCH 4/4] Add an entry to CHANGES --- CHANGES | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGES b/CHANGES index 0c1e8984bc414..4831927b14bab 100644 --- a/CHANGES +++ b/CHANGES 
@@ -9,6 +9,10 @@ Changes between 1.1.0h and 1.1.1 [xx XXX xxxx] + *) Don't use OPENSSL_ENGINES and OPENSSL_CONF environment values + in libcrypto when run as setuid/setgid. + [Bernd Edlinger] + *) Added new public header file and documentation for the RAND_DRBG API. See manual page RAND_DRBG(7) for an overview. [Matthias St. Pierre]