Logo Search packages:      
Sourcecode: ufw version File versions

def src::backend::UFWBackend::_do_checks (   self  )  [private]

Perform basic security checks:
is setuid or setgid (for non-Linux systems)
checks that script is owned by root
checks that every component in absolute path are owned by root
checks that every component of absolute path are not a symlink
warn if script is group writable
warn if part of script path is group writable

Doing this at the beginning causes a race condition with later
operations that don't do these checks.  However, if the user running
this script is root, then need to be root to exploit the race
condition (and you are hosed anyway...)

Definition at line 66 of file backend.py.

00066                         :
        '''Perform basic security checks:
        is setuid or setgid (for non-Linux systems)
        checks that script is owned by root
        checks that every component in absolute path are owned by root
        checks that every component of absolute path are not a symlink
        warn if script is group writable
        warn if part of script path is group writable

        Doing this at the beginning causes a race condition with later
        operations that don't do these checks.  However, if the user running
        this script is root, then need to be root to exploit the race
        condition (and you are hosed anyway...)
        '''

        if not self.do_checks:
            err_msg = _("Checks disabled")
            warn(err_msg)
            return True

        # Not needed on Linux, but who knows the places we will go...
        if os.getuid() != os.geteuid():
            err_msg = _("ERROR: this script should not be SUID")
            raise UFWError(err_msg)
        if os.getgid() != os.getegid():
            err_msg = _("ERROR: this script should not be SGID")
            raise UFWError(err_msg)
        uid = os.getuid()

        if uid != 0:
            err_msg = _("You need to be root to run this script")
            raise UFWError(err_msg)

        # Use these so we only warn once
        warned_world_write = {}
        warned_group_write = {}
        warned_owner = {}

        pat = re.compile(r'^\.')

        profiles = []
        if not os.path.isdir(self.files['apps']):
            warn_msg = _("'%s' does not exist") % (self.files['apps'])
            warn(warn_msg)
        else:
            for profile in os.listdir(self.files['apps']):
                profiles.append(os.path.join(self.files['apps'], profile))

        for path in self.files.values() + [ os.path.abspath(sys.argv[0]) ] + \
                profiles:
            while True:
                debug("Checking " + path)
                if pat.search(os.path.basename(path)):
                    err_msg = _("found hidden directory in path: %s") % (path)
                    raise UFWError(err_msg)

                if path == self.files['apps'] and \
                           not os.path.isdir(self.files['apps']):
                    break

                try:
                    statinfo = os.stat(path)
                    mode = statinfo[ST_MODE]
                except OSError, e:
                    err_msg = _("Couldn't stat '%s'") % (path)
                    raise UFWError(err_msg)
                except Exception:
                    raise

                if os.path.islink(path):
                    err_msg = _("found symbolic link in path: %s") % (path)
                    raise UFWError(err_msg)
                if statinfo.st_uid != 0 and not warned_owner.has_key(path):
                    warn_msg = _("uid is %s but '%s' is owned by %s") % \
                                (str(uid), path, str(statinfo.st_uid))
                    warn(warn_msg)
                    warned_owner[path] = True
                if mode & S_IWOTH and not warned_world_write.has_key(path):
                    warn_msg = _("%s is world writable!") % (path)
                    warn(warn_msg)
                    warned_world_write[path] = True
                if mode & S_IWGRP and not warned_group_write.has_key(path):
                    warn_msg = _("%s is group writable!") % (path)
                    warn(warn_msg)
                    warned_group_write[path] = True

                if path == "/":
                    break

                path = os.path.dirname(path)
                if not path:
                    raise

        for f in self.files:
            if f != 'apps' and not os.path.isfile(self.files[f]):
                err_msg = _("'%s' file '%s' does not exist") % (f, \
                                                                self.files[f])
                raise UFWError(err_msg)

    def _get_defaults(self):


Generated by  Doxygen 1.6.0   Back to index