[3/4] eal: don't load drivers from insecure paths
Any paths on the system which are world-writable are insecure and should
not be used for loading drivers. Therefore check each driver path before
loading it and error out on insecure ones.
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
---
lib/librte_eal/common/eal_common_options.c | 75 ++++++++++++++++++++--
1 file changed, 69 insertions(+), 6 deletions(-)
@@ -15,6 +15,7 @@
#include <getopt.h>
#ifndef RTE_EXEC_ENV_WINDOWS
#include <dlfcn.h>
+#include <libgen.h>
#endif
#include <sys/types.h>
#include <sys/stat.h>
@@ -368,10 +369,74 @@ eal_plugindir_init(const char *path)
return (dent == NULL) ? 0 : -1;
}
+#ifdef RTE_EXEC_ENV_WINDOWS
+int
+eal_plugins_init(void)
+{
+ return 0;
+}
+#else
+
+static int
+verify_perms(const char *dirpath)
+{
+ struct stat st;
+
+ /* if not root, check down one level first */
+ if (strcmp(dirpath, "/") != 0) {
+ char copy[PATH_MAX];
+
+ strlcpy(copy, dirpath, PATH_MAX);
+ if (verify_perms(dirname(copy)) != 0)
+ return -1;
+ }
+
+ /* call stat to check for permissions and ensure not world writable */
+ if (stat(dirpath, &st) != 0) {
+ RTE_LOG(ERR, EAL, "Error with stat on %s, %s\n",
+ dirpath, strerror(errno));
+ return -1;
+ }
+ if (st.st_mode & S_IWOTH) {
+ RTE_LOG(ERR, EAL,
+ "Error, directory path %s is world-writable and insecure\n",
+ dirpath);
+ return -1;
+ }
+
+ return 0;
+}
+
+static void *
+eal_dlopen(const char *pathname)
+{
+ void *retval = NULL;
+ char *realp = realpath(pathname, NULL);
+
+ if (realp == NULL) {
+ RTE_LOG(ERR, EAL, "Error with realpath, %s\n", strerror(errno));
+ goto out;
+ }
+ if (strnlen(realp, PATH_MAX) == PATH_MAX) {
+ RTE_LOG(ERR, EAL, "Error, driver path greater than PATH_MAX\n");
+ goto out;
+ }
+
+ /* do permissions checks */
+ if (verify_perms(realp) != 0)
+ goto out;
+
+ retval = dlopen(realp, RTLD_NOW);
+ if (retval == NULL)
+ RTE_LOG(ERR, EAL, "%s\n", dlerror());
+out:
+ free(realp);
+ return retval;
+}
+
int
eal_plugins_init(void)
{
-#ifndef RTE_EXEC_ENV_WINDOWS
struct shared_driver *solib = NULL;
struct stat sb;
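Review bot: In `verify_perms`, the pointer returned by `dirname(copy)` is passed to the recursive call and then used again for `stat(dirpath)` after that call has run its own `dirname()`. POSIX allows `dirname()` to return static storage that a later call overwrites, so on a libc that does this every level above the leaf would stat `/` and the intermediate directories would go unchecked. The recursion also puts a `PATH_MAX` buffer on the stack for every path component. An iterative walk over one buffer, copying the `dirname()` result back before the next step, avoids both problems; a sketch follows. Separately, only `S_IWOTH` is tested, so a directory that is group-writable or owned by another unprivileged account still passes, which matters if the application runs as root; if that is intended, a comment saying so would help.

```c
static int
verify_perms(const char *dirpath)
{
	struct stat st;
	char cur[PATH_MAX];
	char *parent;

	strlcpy(cur, dirpath, sizeof(cur));
	for (;;) {
		/* … unchanged: stat() and S_IWOTH checks with their log messages, on cur instead of dirpath … */

		if (strcmp(cur, "/") == 0)
			return 0;

		/* dirname() may edit cur in place or return static storage;
		 * copy the result back so the next iteration owns its string */
		parent = dirname(cur);
		if (parent != cur)
			memmove(cur, parent, strlen(parent) + 1);
	}
}
```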
@@ -391,17 +456,15 @@ eal_plugins_init(void)
} else {
RTE_LOG(DEBUG, EAL, "open shared lib %s\n",
solib->name);
- solib->lib_handle = dlopen(solib->name, RTLD_NOW);
- if (solib->lib_handle == NULL) {
- RTE_LOG(ERR, EAL, "%s\n", dlerror());
+ solib->lib_handle = eal_dlopen(solib->name);
+ if (solib->lib_handle == NULL)
return -1;
- }
}
}
return 0;
-#endif
}
+#endif
/*
* Parse the coremask given as argument (hexadecimal string) and fill