lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <1475180456-5624-1-git-send-email-aweee0@gmail.com>
Date:   Fri, 30 Sep 2016 05:20:56 +0900
From:   Wookje Kwon <aweee0@...il.com>
To:     Arnaldo Carvalho de Melo <acme@...nel.org>
Cc:     linux-kernel@...r.kernel.org, Ingo Molnar <mingo@...nel.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Jiri Olsa <jolsa@...nel.org>,
        Namhyung Kim <namhyung@...nel.org>,
        Taeung Song <taeung@...slab.kr>, Wookje Kwon <aweee0@...il.com>
Subject: [PATCH] perf config: Fix a bug about permission checking state of config file

perf_config_set__init() check state of user config file
before opening it. But there is a bug when checking uid
and euid of current user. Although current user have superuser
permission, a error occurs as below.

Before:

user01@...alhost:~$ ls -l ~/.perfconfig
-rw-rw-r-- 1 user01 user01 89 2016-09-30 01:52 /home/user01/.perfconfig

user01@...alhost:~/linux-perf/tools/perf/util$ sudo perf config --list
  Warning: File /home/user01/.perfconfig not owned by current user or root, ignoring it.
  Warning: File /home/user01/.perfconfig not owned by current user or root, ignoring it.

So, Fix it allowing a user who have superuser permission
to open user config file.

After:

user01@...alhost:~$ ls -l ~/.perfconfig
-rw-rw-r-- 1 user01 user01 89  2016-09-30 01:52 /home/user01/.perfconfig

user01@...alhost:~$ sudo perf config --list
annotate.hide_src_code=false
report.queue-size=0
tui.report=on
colors.top=red, default

Cc: Taeung Song <taeung@...slab.kr>
Cc: Namhyung Kim <namhyung@...nel.org>
Cc: Jiri Olsa <jolsa@...nel.org>
Signed-off-by: Wookje Kwon <aweee0@...il.com>
---
 tools/perf/util/config.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tools/perf/util/config.c b/tools/perf/util/config.c
index 18dae74..f390ef9db 100644
--- a/tools/perf/util/config.c
+++ b/tools/perf/util/config.c
@@ -619,6 +619,7 @@ static int perf_config_set__init(struct perf_config_set *set)
 	if (perf_config_global() && home) {
 		char *user_config = strdup(mkpath("%s/.perfconfig", home));
 		struct stat st;
+		unsigned int st_euid = geteuid();
 
 		if (user_config == NULL) {
 			warning("Not enough memory to process %s/.perfconfig, "
@@ -629,7 +630,7 @@ static int perf_config_set__init(struct perf_config_set *set)
 		if (stat(user_config, &st) < 0)
 			goto out_free;
 
-		if (st.st_uid && (st.st_uid != geteuid())) {
+		if (st.st_uid && st_euid && (st.st_uid != st_euid)) {
 			warning("File %s not owned by current user or root, "
 				"ignoring it.", user_config);
 			goto out_free;
-- 
2.1.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ