From e02d5dd9b3143b2e72d2c71e914d7bd96a47bf7b Mon Sep 17 00:00:00 2001
From: Sebastian Huber <sebastian.huber@embedded-brains.de>
Date: Mon, 17 Nov 2014 13:35:58 +0100
Subject: Ensure security of default user environment

---
 cpukit/libcsupport/src/base_fs.c          |   5 +-
 cpukit/libcsupport/src/pwdgrp.c           |  17 ++-
 testsuites/libtests/Makefile.am           |   1 +
 testsuites/libtests/configure.ac          |   1 +
 testsuites/libtests/pwdgrp02/Makefile.am  |  19 ++++
 testsuites/libtests/pwdgrp02/init.c       | 180 ++++++++++++++++++++++++++++++
 testsuites/libtests/pwdgrp02/pwdgrp02.doc |  11 ++
 testsuites/libtests/pwdgrp02/pwdgrp02.scn |   2 +
 8 files changed, 227 insertions(+), 9 deletions(-)
 create mode 100644 testsuites/libtests/pwdgrp02/Makefile.am
 create mode 100644 testsuites/libtests/pwdgrp02/init.c
 create mode 100644 testsuites/libtests/pwdgrp02/pwdgrp02.doc
 create mode 100644 testsuites/libtests/pwdgrp02/pwdgrp02.scn

diff --git a/cpukit/libcsupport/src/base_fs.c b/cpukit/libcsupport/src/base_fs.c
index 5a0e67b158..16fa9b8a88 100644
--- a/cpukit/libcsupport/src/base_fs.c
+++ b/cpukit/libcsupport/src/base_fs.c
@@ -49,12 +49,9 @@ void rtems_filesystem_initialize( void )
    *  Traditionally RTEMS devices are under "/dev" so install this directory.
    *
    *  If the mkdir() fails, we can't print anything so just fatal error.
-   *
-   *  NOTE: UNIX root is 755 and owned by root/root (0/0).  It is actually
-   *        created that way by the IMFS.
    */
 
-  rv = mkdir( "/dev", 0777);
+  rv = mkdir( "/dev", S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH );
   if ( rv != 0 )
     rtems_fatal_error_occurred( 0xABCD0003 );
 
diff --git a/cpukit/libcsupport/src/pwdgrp.c b/cpukit/libcsupport/src/pwdgrp.c
index ea240975b4..e1e08662d6 100644
--- a/cpukit/libcsupport/src/pwdgrp.c
+++ b/cpukit/libcsupport/src/pwdgrp.c
@@ -26,6 +26,7 @@
 #include <pwd.h>
 #include <grp.h>
 #include <errno.h>
+#include <fcntl.h>
 #include <unistd.h>
 #include <stdlib.h>
 #include <string.h>
@@ -41,11 +42,17 @@ static pthread_once_t pwdgrp_once = PTHREAD_ONCE_INIT;
 
 static void init_file(const char *name, const char *content)
 {
-  FILE *fp = fopen(name, "wx");
+  /*
+   * Unlike to standard UNIX systems, these files are only readable and
+   * writeable for the root user.  This way we avoid the need for an
+   * /etc/shadow.  In case more UNIX compatibility is desired, this can be
+   * added on demand.
+   */
+  int fd = open(name, O_CREAT | O_EXCL | O_WRONLY, S_IRUSR | S_IWUSR);
 
-  if (fp != NULL) {
-    fputs(content, fp);
-    fclose(fp);
+  if (fd >= 0) {
+    write(fd, content, strlen(content));
+    close(fd);
   }
 }
 
@@ -54,7 +61,7 @@ static void init_file(const char *name, const char *content)
  */
 static void pwdgrp_init(void)
 {
-  mkdir("/etc", 0777);
+  mkdir("/etc", S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH);
 
   /*
    *  Initialize /etc/passwd
diff --git a/testsuites/libtests/Makefile.am b/testsuites/libtests/Makefile.am
index a5261a484b..a5f39d8fe1 100644
--- a/testsuites/libtests/Makefile.am
+++ b/testsuites/libtests/Makefile.am
@@ -1,6 +1,7 @@
 ACLOCAL_AMFLAGS = -I ../aclocal
 
 _SUBDIRS = POSIX
+_SUBDIRS += pwdgrp02
 _SUBDIRS += shell01
 _SUBDIRS += pwdgrp01
 _SUBDIRS += crypt01
diff --git a/testsuites/libtests/configure.ac b/testsuites/libtests/configure.ac
index 80245f9c64..8efedb2385 100644
--- a/testsuites/libtests/configure.ac
+++ b/testsuites/libtests/configure.ac
@@ -66,6 +66,7 @@ AS_IF([test x"$HAVE_LIBDL" = x"yes"],[
 
 # Explicitly list all Makefiles here
 AC_CONFIG_FILES([Makefile
+pwdgrp02/Makefile
 shell01/Makefile
 pwdgrp01/Makefile
 crypt01/Makefile
diff --git a/testsuites/libtests/pwdgrp02/Makefile.am b/testsuites/libtests/pwdgrp02/Makefile.am
new file mode 100644
index 0000000000..10ce651367
--- /dev/null
+++ b/testsuites/libtests/pwdgrp02/Makefile.am
@@ -0,0 +1,19 @@
+rtems_tests_PROGRAMS = pwdgrp02
+pwdgrp02_SOURCES = init.c
+
+dist_rtems_tests_DATA = pwdgrp02.scn pwdgrp02.doc
+
+include $(RTEMS_ROOT)/make/custom/@RTEMS_BSP@.cfg
+include $(top_srcdir)/../automake/compile.am
+include $(top_srcdir)/../automake/leaf.am
+
+AM_CPPFLAGS += -I$(top_srcdir)/../support/include
+
+LINK_OBJS = $(pwdgrp02_OBJECTS)
+LINK_LIBS = $(pwdgrp02_LDLIBS)
+
+pwdgrp02$(EXEEXT): $(pwdgrp02_OBJECTS) $(pwdgrp02_DEPENDENCIES)
+	@rm -f pwdgrp02$(EXEEXT)
+	$(make-exe)
+
+include $(top_srcdir)/../automake/local.am
diff --git a/testsuites/libtests/pwdgrp02/init.c b/testsuites/libtests/pwdgrp02/init.c
new file mode 100644
index 0000000000..8f79502174
--- /dev/null
+++ b/testsuites/libtests/pwdgrp02/init.c
@@ -0,0 +1,180 @@
+/*
+ * Copyright (c) 2014 embedded brains GmbH.  All rights reserved.
+ *
+ *  embedded brains GmbH
+ *  Dornierstr. 4
+ *  82178 Puchheim
+ *  Germany
+ *  <rtems@embedded-brains.de>
+ *
+ * The license and distribution terms for this file may be
+ * found in the file LICENSE in this distribution or at
+ * http://www.rtems.org/license/LICENSE.
+ */
+
+#ifdef HAVE_CONFIG_H
+  #include "config.h"
+#endif
+
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <grp.h>
+#include <pwd.h>
+#include <stdio.h>
+#include <unistd.h>
+
+#include "tmacros.h"
+
+const char rtems_test_name[] = "PWDGRP 2";
+
+static void assert_pwd(struct passwd *pwd)
+{
+  rtems_test_assert(strcmp(pwd->pw_name, "root") == 0);
+  rtems_test_assert(strcmp(pwd->pw_passwd, "") == 0);
+  rtems_test_assert(pwd->pw_uid == 0);
+  rtems_test_assert(pwd->pw_gid == 0);
+  rtems_test_assert(strcmp(pwd->pw_comment, "") == 0);
+  rtems_test_assert(strcmp(pwd->pw_gecos, "") == 0);
+  rtems_test_assert(strcmp(pwd->pw_dir, "") == 0);
+  rtems_test_assert(strcmp(pwd->pw_shell, "") == 0);
+}
+
+static void assert_grp(struct group *grp)
+{
+  rtems_test_assert(strcmp(grp->gr_name, "root") == 0);
+  rtems_test_assert(strcmp(grp->gr_passwd, "") == 0);
+  rtems_test_assert(grp->gr_gid == 0);
+  rtems_test_assert(grp->gr_mem[0] == NULL);
+}
+
+static void assert_dir(const char *name)
+{
+  int rv;
+  struct stat st;
+
+  rv = lstat(name, &st);
+  rtems_test_assert(rv == 0);
+  rtems_test_assert(st.st_uid == 0);
+  rtems_test_assert(st.st_gid == 0);
+  rtems_test_assert(
+    st.st_mode == (S_IFDIR | S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH)
+  );
+}
+
+static void test(void)
+{
+  int rv;
+  struct passwd pwd;
+  struct group grp;
+  struct passwd *pwd_res;
+  struct group *grp_res;
+  char buf[256];
+
+  rtems_test_assert(getuid() == 0);
+  rtems_test_assert(geteuid() == 0);
+
+  rtems_test_assert(getgid() == 0);
+  rtems_test_assert(getegid() == 0);
+
+  memset(&pwd, 0xff, sizeof(pwd));
+  rv = getpwnam_r("root", &pwd, &buf[0], sizeof(buf), &pwd_res);
+  rtems_test_assert(rv == 0);
+  rtems_test_assert(&pwd == pwd_res);
+  assert_pwd(pwd_res);
+
+  memset(&pwd, 0xff, sizeof(pwd));
+  rv = getpwuid_r(0, &pwd, &buf[0], sizeof(buf), &pwd_res);
+  rtems_test_assert(rv == 0);
+  rtems_test_assert(&pwd == pwd_res);
+  assert_pwd(pwd_res);
+
+  memset(&grp, 0xff, sizeof(grp));
+  rv = getgrnam_r("root", &grp, &buf[0], sizeof(buf), &grp_res);
+  rtems_test_assert(rv == 0);
+  rtems_test_assert(&grp == grp_res);
+  assert_grp(grp_res);
+
+  memset(&grp, 0xff, sizeof(grp));
+  rv = getgrgid_r(0, &grp, &buf[0], sizeof(buf), &grp_res);
+  rtems_test_assert(rv == 0);
+  rtems_test_assert(&grp == grp_res);
+  assert_grp(grp_res);
+
+  assert_dir("/dev");
+  assert_dir("/etc");
+
+  rv = setuid(1);
+  rtems_test_assert(rv == 0);
+
+  rv = seteuid(1);
+  rtems_test_assert(rv == 0);
+
+  errno = 0;
+  rv = unlink("/etc/passwd");
+  rtems_test_assert(rv == -1);
+  rtems_test_assert(errno == EACCES);
+
+  errno = 0;
+  rv = unlink("/etc/group");
+  rtems_test_assert(rv == -1);
+  rtems_test_assert(errno == EACCES);
+
+  errno = 0;
+  rv = open("/etc/passwd", O_RDONLY);
+  rtems_test_assert(rv == -1);
+  rtems_test_assert(errno == EACCES);
+
+  errno = 0;
+  rv = open("/etc/group", O_RDONLY);
+  rtems_test_assert(rv == -1);
+  rtems_test_assert(errno == EACCES);
+
+  errno = 0;
+  rv = open("/etc/passwd", O_WRONLY);
+  rtems_test_assert(rv == -1);
+  rtems_test_assert(errno == EACCES);
+
+  errno = 0;
+  rv = open("/etc/group", O_WRONLY);
+  rtems_test_assert(rv == -1);
+  rtems_test_assert(errno == EACCES);
+
+  errno = 0;
+  rv = open("/etc/passwd", 0);
+  rtems_test_assert(rv == -1);
+  rtems_test_assert(errno == EACCES);
+
+  errno = 0;
+  rv = open("/etc/group", 0);
+  rtems_test_assert(rv == -1);
+  rtems_test_assert(errno == EACCES);
+}
+
+static void Init(rtems_task_argument arg)
+{
+  TEST_BEGIN();
+
+  test();
+
+  TEST_END();
+  rtems_test_exit(0);
+}
+
+#define CONFIGURE_APPLICATION_DOES_NOT_NEED_CLOCK_DRIVER
+#define CONFIGURE_APPLICATION_NEEDS_CONSOLE_DRIVER
+
+#define CONFIGURE_USE_IMFS_AS_BASE_FILESYSTEM
+
+#define CONFIGURE_LIBIO_MAXIMUM_FILE_DESCRIPTORS 4
+
+#define CONFIGURE_MAXIMUM_TASKS 1
+
+#define CONFIGURE_INITIAL_EXTENSIONS RTEMS_TEST_INITIAL_EXTENSION
+
+#define CONFIGURE_RTEMS_INIT_TASKS_TABLE
+
+#define CONFIGURE_INIT
+
+#include <rtems/confdefs.h>
diff --git a/testsuites/libtests/pwdgrp02/pwdgrp02.doc b/testsuites/libtests/pwdgrp02/pwdgrp02.doc
new file mode 100644
index 0000000000..67e5e5c372
--- /dev/null
+++ b/testsuites/libtests/pwdgrp02/pwdgrp02.doc
@@ -0,0 +1,11 @@
+This file describes the directives and concepts tested by this test set.
+
+test set name: pwdgrp02
+
+directives:
+
+  - _libcsupport_pwdgrp_init
+
+concepts:
+
+  - Ensures security of default user environment.
diff --git a/testsuites/libtests/pwdgrp02/pwdgrp02.scn b/testsuites/libtests/pwdgrp02/pwdgrp02.scn
new file mode 100644
index 0000000000..ca1d6aedb1
--- /dev/null
+++ b/testsuites/libtests/pwdgrp02/pwdgrp02.scn
@@ -0,0 +1,2 @@
+*** BEGIN OF TEST PWDGRP 2 ***
+*** END OF TEST PWDGRP 2 ***
-- 
cgit v1.2.3