Bug #1072

avatar

exposed IpcChannel is world-writable

Added by Mirco Bauer 3461 days ago. Updated 3448 days ago.

Status:Closed Start:07/01/2015
Priority:Urgent Due date:
Assigned to:avatarMirco Bauer % Done:

100%

Category:Frontend GNOME
Target version:1.0
Complexity:

Medium

Found in Version:

Votes: 0

Description

in /tmp
srw-rw-rw- 1 mirco.bauer     mirco.bauer           0 2015-06-22 11:30 _usr_lib_smuxi_smuxi-frontend-gnome.exe

This is problematic for systems with multiple users, as the other users can control the Smuxi instance of the first user.

Associated revisions

Revision 709af0de6cdd439c307aeb359c7a309e2eede50e
Added by Mirco Bauer 3448 days ago

Frontend-GNOME: ensure rendezvous point for IPC is private (closes: #1072)

History

Updated by Mirco Bauer 3461 days ago

avatar
From ./mcs/class/System.Runtime.Remoting/System.Runtime.Remoting.Channels.Ipc.Unix/IpcServerChannel.cs:
                internal static string BuildPathFromPortName (string portName)
                {
                        if (!Win32.IpcChannelHelper.IsValidPipeName (portName))
                                throw new RemotingException ("Invalid IPC port name");
                        return Path.Combine (Path.GetTempPath (), portName);
                }

Updated by Mirco Bauer 3461 days ago

avatar
in mcs/class/Mono.Posix/Mono.Remoting.Channels.Unix/UnixServerChannel.cs:
            listener = new UnixListener (path);
            Mono.Unix.Native.Syscall.chmod (path,
                                     Mono.Unix.Native.FilePermissions.S_IRUSR |
                                     Mono.Unix.Native.FilePermissions.S_IWUSR |
                                     Mono.Unix.Native.FilePermissions.S_IRGRP |
                                     Mono.Unix.Native.FilePermissions.S_IWGRP |
                                     Mono.Unix.Native.FilePermissions.S_IROTH |
                                     Mono.Unix.Native.FilePermissions.S_IWOTH);

Updated by Mirco Bauer 3461 days ago

avatar

from ./mcs/class/System.Runtime.Remoting/System.Runtime.Remoting.Channels.Ipc.Unix/README:

System.Runtime.Remoting.Channels.Ipc.Unix
=========================================

*.Ipc.Unix is a wrapper for Mono.Remoting.Channels.Unix.
The Unix channels are loaded via reflection.

The wrapper is performing the following mappings:

IPC                     UNIX
--------------------------------------
portName="foo"          path=$TEMP/foo
ipc://foo/bar.rem    unix://$TEMP/foo?/bar.rem

Updated by Mirco Bauer 3461 days ago

avatar

So Mono is creating a unix socket in /tmp, chmodded 666, named after the port name of the IPC channel. According to MSDN docs [0] it is supposed to be only accessible by the same user by default, that would be chmod 600 on Unix.

https://msdn.microsoft.com/en-us/library/ms172351(v=vs.80)

Updated by Mirco Bauer 3458 days ago

avatar
  • Priority changed from Normal to Urgent

Updated by Mirco Bauer 3449 days ago

avatar

Path.GetTempPath() -> [ICall] Path.get_temp_path() -> ves_icall_System_IO_get_temp_path() -> g_get_tmp_dir() of eglib [0] or glib [1]

https://github.com/mono/mono/blob/mono-3.2.8-branch/eglib/src/gmisc-win32.c#L146
https://developer.gnome.org/glib/stable/glib-Miscellaneous-Utility-Functions.html#g-get-tmp-dir

So the TMP, TMPDIR and TEMP environment variables influences the location of the chosen temp directory

Updated by Mirco Bauer 3448 days ago

avatar
  • Status changed from New to Closed
  • % Done changed from 0 to 100

Also available in: Atom PDF