[Openvas-commits] r11678 - in branches/openvas-scanner-3-2: . src
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Fri Sep 23 11:18:46 CEST 2011
Author: mwiegand
Date: 2011-09-23 11:18:45 +0200 (Fri, 23 Sep 2011)
New Revision: 11678
Modified:
branches/openvas-scanner-3-2/ChangeLog
branches/openvas-scanner-3-2/src/oval_plugins.c
Log:
* src/oval_plugins.c (ovaldi_launch): Tighten security for ovaldi
launch: Ensure file names are not easily guessable, drop privileges
early and place files in a randomly named temporary directory after
privileges have been dropped. Improve cleanup after ovaldi launch.
Backport from trunk, originally committed in SVN r11599.
Modified: branches/openvas-scanner-3-2/ChangeLog
===================================================================
--- branches/openvas-scanner-3-2/ChangeLog 2011-09-23 08:55:34 UTC (rev 11677)
+++ branches/openvas-scanner-3-2/ChangeLog 2011-09-23 09:18:45 UTC (rev 11678)
@@ -1,3 +1,11 @@
+2011-09-23 Michael Wiegand <michael.wiegand at greenbone.net>
+
+ * src/oval_plugins.c (ovaldi_launch): Tighten security for ovaldi
+ launch: Ensure file names are not easily guessable, drop privileges
+ early and place files in a randomly named temporary directory after
+ privileges have been dropped. Improve cleanup after ovaldi launch.
+ Backport from trunk, originally committed in SVN r11599.
+
2011-06-08 Michael Wiegand <michael.wiegand at greenbone.net>
Post release version bump.
Modified: branches/openvas-scanner-3-2/src/oval_plugins.c
===================================================================
--- branches/openvas-scanner-3-2/src/oval_plugins.c 2011-09-23 08:55:34 UTC (rev 11677)
+++ branches/openvas-scanner-3-2/src/oval_plugins.c 2011-09-23 09:18:45 UTC (rev 11678)
@@ -34,6 +34,7 @@
#include <sys/types.h> /* for getpwnam() */
#include <pwd.h> /* for getpwnam() */
#include <signal.h> /* for signal() */
+#include <stdlib.h> /* for mkdtemp */
#include <openvas/nasl/nasl.h>
#include <openvas/misc/network.h> /* for internal_send */
@@ -44,6 +45,8 @@
#include <openvas/misc/proctitle.h> /* for setproctitle */
#include <openvas/base/nvti.h> /* for nvti_t */
+#include <openvas/base/drop_privileges.h> /* for drop_privileges */
+#include <openvas/base/openvas_file.h> /* for openvas_file_remove_recurse */
#include <glib.h>
#include <glib/gstdio.h>
@@ -580,21 +583,34 @@
gchar *folder = g_strndup ((char *) arg_get_value (g_args, "name"),
strlen ((char *) arg_get_value (g_args, "name")) -
strlen (basename));
+ GError *error;
+ gchar *tmpdirtemplate;
+ char *tmpdir;
- /** @todo What frees this? */
- sc_filename = g_strconcat (folder, "sc-out.xml", NULL);
- log_write ("SC Filename: %s\n", sc_filename);
- /** @todo What if some other process does an ovaldi scan? */
- results_filename = "/tmp/results.xml";
+ int drop_priv_res = OPENVAS_DROP_PRIVILEGES_OK;
+ drop_priv_res = drop_privileges (NULL, &error);
+ if (drop_priv_res != OPENVAS_DROP_PRIVILEGES_OK)
+ {
+ if (drop_priv_res != OPENVAS_DROP_PRIVILEGES_FAIL_NOT_ROOT)
+ {
+ log_write ("Failed to drop privileges for ovaldi launch!");
+ g_error_free (error);
+ return;
+ }
+ g_error_free (error);
+ }
- if (g_file_test (results_filename, G_FILE_TEST_EXISTS))
+ tmpdirtemplate = g_strdup_printf ("%s/openvasovalXXXXXX", g_get_tmp_dir ());
+ tmpdir = mkdtemp (tmpdirtemplate);
+
+ if (tmpdir == NULL)
{
- log_write
- ("Found existing results file in %s, deleting it to avoid conflicts.",
- results_filename);
- g_unlink (results_filename);
+ log_write ("Failed to create temporary directory!");
+ return;
}
+ sc_filename = g_strconcat (tmpdir, "/sc-out.xml", NULL);
+
sc_file = fopen (sc_filename, "w");
if (sc_file == NULL)
{
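Review bot: `GError *error;` is declared without an initialiser, so the `g_error_free (error)` in the NOT_ROOT branch frees an indeterminate pointer unless drop_privileges() is guaranteed to set it on every non-OK return; declaring it as `GError *error = NULL;` makes that call at worst a GLib critical rather than undefined behaviour. The mkdtemp() failure branch returns without releasing the template, leaking the g_strdup_printf() result; add `g_free (tmpdirtemplate);` before that `return;`. The `int drop_priv_res = OPENVAS_DROP_PRIVILEGES_OK;` value is overwritten on the next line and can be folded into `int drop_priv_res = drop_privileges (NULL, &error);`. `folder` no longer feeds sc_filename after this change; if it has no remaining use later in the function it is now only a leaked allocation. ovaldi_launch's body starts and ends outside this hunk.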
@@ -978,6 +994,8 @@
if (sc_file != NULL)
fclose (sc_file);
+ results_filename = g_strconcat (tmpdir, "/results.xml", NULL);
+
gchar **argv = (gchar **) g_malloc (11 * sizeof (gchar *));
argv[0] = g_strdup ("ovaldi");
argv[1] = g_strdup ("-m"); // Do not check OVAL MD5 signature
@@ -993,7 +1011,7 @@
// log_write ("Launching ovaldi with: %s\n", g_strjoinv (" ", argv));
if (g_spawn_sync
- (NULL, argv, NULL, G_SPAWN_SEARCH_PATH, oval_drop_privileges, NULL, NULL, NULL,
+ (NULL, argv, NULL, G_SPAWN_SEARCH_PATH, NULL, NULL, NULL, NULL,
NULL, NULL))
{
GMarkupParser parser;
@@ -1073,6 +1091,10 @@
}
g_strfreev (argv);
g_free (result_string);
+ g_free (results_filename);
+ g_free (sc_filename);
+ openvas_file_remove_recurse (tmpdir);
+ g_free (tmpdir);
}
pl_class_t oval_plugin_class = {
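Review bot: The directory created by mkdtemp() is removed only on this final cleanup path, so any earlier `return` after the directory exists — the `sc_file == NULL` branch following the fopen() of sc_filename is the visible candidate, its body lying outside the hunks — would leave the temporary directory and the `sc_filename` allocation behind. Consider routing those paths through the same `openvas_file_remove_recurse (tmpdir); g_free (tmpdir);` sequence, for example via a shared cleanup label at the end of the function. The function body begins outside this hunk, so other early exits may exist that are not visible here.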