[Openvas-commits] r11599 - in trunk/openvas-scanner: . src

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Mon Sep 12 14:32:14 CEST 2011 

Author: mwiegand
Date: 2011-09-12 14:32:12 +0200 (Mon, 12 Sep 2011)
New Revision: 11599

Modified:
   trunk/openvas-scanner/ChangeLog
   trunk/openvas-scanner/src/oval_plugins.c
Log:
* src/oval_plugins.c (ovaldi_launch): Tighten security for ovaldi
  launch: Ensure file names are not easily guessable, drop privileges
  early and place files in a randomly named temporary directory after
  privileges have been dropped. Improve cleanup after ovaldi launch.


Modified: trunk/openvas-scanner/ChangeLog
===================================================================
--- trunk/openvas-scanner/ChangeLog	2011-09-12 12:11:04 UTC (rev 11598)
+++ trunk/openvas-scanner/ChangeLog	2011-09-12 12:32:12 UTC (rev 11599)
@@ -1,3 +1,10 @@
+2011-09-12  Michael Wiegand <michael.wiegand at greenbone.net>
+
+	* src/oval_plugins.c (ovaldi_launch): Tighten security for ovaldi
+	launch: Ensure file names are not easily guessable, drop privileges
+	early and place files in a randomly named temporary directory after
+	privileges have been dropped. Improve cleanup after ovaldi launch.
+
 2011-08-12  Michael Wiegand <michael.wiegand at greenbone.net>
 
 	* tools/greenbone-nvt-sync: Update VERSION.

Modified: trunk/openvas-scanner/src/oval_plugins.c
===================================================================
--- trunk/openvas-scanner/src/oval_plugins.c	2011-09-12 12:11:04 UTC (rev 11598)
+++ trunk/openvas-scanner/src/oval_plugins.c	2011-09-12 12:32:12 UTC (rev 11599)
@@ -34,6 +34,7 @@
 #include <sys/types.h> /* for getpwnam() */
 #include <pwd.h>       /* for getpwnam() */
 #include <signal.h>    /* for signal() */
+#include <stdlib.h>    /* for mkdtemp */
 
 #include <openvas/nasl/nasl.h>
 #include <openvas/misc/network.h>    /* for internal_send */
@@ -45,6 +46,8 @@
 #include <openvas/misc/internal_com.h>  /* for INTERNAL_COMM_MSG_TYPE_CTRL */
 
 #include <openvas/base/nvti.h>  /* for nvti_t */
+#include <openvas/base/drop_privileges.h> /* for drop_privileges */
+#include <openvas/base/openvas_file.h>  /* for openvas_file_remove_recurse */
 
 #include <glib.h>
 #include <glib/gstdio.h>
@@ -581,21 +584,34 @@
   gchar *folder = g_strndup ((char *) arg_get_value (g_args, "name"),
                              strlen ((char *) arg_get_value (g_args, "name")) -
                              strlen (basename));
+  GError *error;
+  gchar *tmpdirtemplate;
+  char *tmpdir;
 
-  /** @todo What frees this? */
-  sc_filename = g_strconcat (folder, "sc-out.xml", NULL);
-  log_write ("SC Filename: %s\n", sc_filename);
-  /** @todo What if some other process does an ovaldi scan? */
-  results_filename = "/tmp/results.xml";
+  int drop_priv_res = OPENVAS_DROP_PRIVILEGES_OK;
+  drop_priv_res = drop_privileges (NULL, &error);
+  if (drop_priv_res != OPENVAS_DROP_PRIVILEGES_OK)
+    {
+      if (drop_priv_res != OPENVAS_DROP_PRIVILEGES_FAIL_NOT_ROOT)
+        {
+          log_write ("Failed to drop privileges for ovaldi launch!");
+          g_error_free (error);
+          return;
+        }
+      g_error_free (error);
+    }
 
-  if (g_file_test (results_filename, G_FILE_TEST_EXISTS))
+  tmpdirtemplate = g_strdup_printf ("%s/openvasovalXXXXXX", g_get_tmp_dir ());
+  tmpdir = mkdtemp (tmpdirtemplate);
+
+  if (tmpdir == NULL)
     {
-      log_write
-        ("Found existing results file in %s, deleting it to avoid conflicts.",
-         results_filename);
-      g_unlink (results_filename);
+      log_write ("Failed to create temporary directory!");
+      return;
     }
 
+  sc_filename = g_strconcat (tmpdir, "/sc-out.xml", NULL);
+
   sc_file = fopen (sc_filename, "w");
   if (sc_file == NULL)
     {
@@ -979,6 +995,8 @@
   if (sc_file != NULL)
     fclose (sc_file);
 
+  results_filename = g_strconcat (tmpdir, "/results.xml", NULL);
+
   gchar **argv = (gchar **) g_malloc (11 * sizeof (gchar *));
   argv[0] = g_strdup ("ovaldi");
   argv[1] = g_strdup ("-m");    // Do not check OVAL MD5 signature
@@ -994,7 +1012,7 @@
   //   log_write ("Launching ovaldi with: %s\n", g_strjoinv (" ", argv));
 
   if (g_spawn_sync
-      (NULL, argv, NULL, G_SPAWN_SEARCH_PATH, oval_drop_privileges, NULL, NULL, NULL,
+      (NULL, argv, NULL, G_SPAWN_SEARCH_PATH, NULL, NULL, NULL, NULL,
        NULL, NULL))
     {
       GMarkupParser parser;
@@ -1074,6 +1092,10 @@
     }
   g_strfreev (argv);
   g_free (result_string);
+  g_free (results_filename);
+  g_free (sc_filename);
+  openvas_file_remove_recurse (tmpdir);
+  g_free (tmpdir);
 }
 
 pl_class_t oval_plugin_class = {

More information about the Openvas-commits mailing list