This repository has been archived by the owner on Apr 30, 2023. It is now read-only.
abuild-sudo: don't allow --keys-dir
Not allowing --allow-untrusted is obviously a good idea, but it can be
trivially bypassed if --keys-dir is allowed:

$ abuild-apk add foo-1-r0.apk
ERROR: foo-1-r0.apk: UNTRUSTED signature
$ abuild-apk --allow-untrusted add foo-1-r0.apk
abuild-apk: --allow-untrusted: not allowed option
$ cp -rp /etc/apk/keys /tmp/keys
$ cp untrusted.pub /tmp/keys
$ abuild-apk --keys-dir /tmp/keys add foo-1-r0.apk
(1/1) Installing foo (1-r0)
OK: 4319 MiB in 806 packages

If both --allow-untrusted and --keys-dir are not allowed, then it should
no longer be possible for an unprivileged member of the abuild group to
add an untrusted package.

$ abuild-apk --keys-dir /tmp/keys add foo-1-r0.apk
abuild-apk: --keys-dir: not allowed option
sroracle committed Jun 14, 2019
1 parent c26cc11 commit 4f90ce9
Showing 1 changed file with 15 additions and 3 deletions.
18 changes: 15 additions & 3 deletions abuild-sudo.c
Expand Up @@ -32,6 +32,12 @@ static const char* valid_cmds[] = {
NULL
};

static const char* invalid_opts[] = {
"--allow-untrusted",
"--keys-dir",
NULL,
};

const char *get_command_path(const char *cmd)
{
const char *p;
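Review bot: invalid_opts is a denylist with no comment, so it is only as complete as its last update: any other apk option that changes which keys or signatures are trusted is passed through until someone adds it here. Put a comment above the array stating that every entry is an option that weakens signature verification and that the list has to be revisited when apk gains options, or consider listing the options abuild-apk may pass instead. Minor style point: the terminator is written `NULL,` here but `NULL` in valid_cmds just above.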
Expand All @@ -46,6 +52,14 @@ const char *get_command_path(const char *cmd)
return NULL;
}

void check_option(const char *opt)
{
int i;
for (i = 0; invalid_opts[i] != NULL; i++)
if (strcmp(opt, invalid_opts[i]) == 0)
errx(1, "%s: not allowed option", opt);
}

int is_in_group(gid_t group)
{
int ngroups_max = sysconf(_SC_NGROUPS_MAX) + 1;
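Review bot: the strcmp in check_option rejects an argument only when it equals the option name exactly, so the check depends on apk accepting no other spelling of these options. If apk's parser also takes the value in the same word (the name followed by `=`), that argument compares unequal here and is handed on unchanged. Compare only the part of opt before any `=` against invalid_opts, and say in a comment which spellings the check is meant to cover.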
Expand Down Expand Up @@ -105,10 +119,8 @@ int main(int argc, const char *argv[])
if (path == NULL)
errx(1, "%s: Not a valid subcommand", cmd);

/* we dont allow --allow-untrusted option */
for (i = 1; i < argc; i++)
if (strcmp(argv[i], "--allow-untrusted") == 0)
errx(1, "%s: not allowed option", "--allow-untrusted");
check_option(argv[i]);

argv[0] = path;
/* set our uid to root so bbsuid --install works */
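Review bot: the comment above the loop in main is deleted and nothing replaces it, so the loop no longer says what it enforces. Add a replacement above `for (i = 1; i < argc; i++)`, for example `/* refuse options listed in invalid_opts */`, and keep the loop ahead of `argv[0] = path` and the uid change so that a rejected option exits before any privilege is taken.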