From: <sv...@va...> - 2008-11-22 12:03:28
Author: dirk
Date: 2008-11-22 12:03:19 +0000 (Sat, 22 Nov 2008)
New Revision: 8798
Log:
ignore .valgrindrc files that are world writeable
or not owned by the current user (CVE-2008-4865)
Modified:
trunk/coregrind/m_commandline.c
trunk/docs/xml/manual-core.xml
Modified: trunk/coregrind/m_commandline.c
===================================================================
--- trunk/coregrind/m_commandline.c 2008-11-21 19:18:47 UTC (rev 8797)
+++ trunk/coregrind/m_commandline.c 2008-11-22 12:03:19 UTC (rev 8798)
@@ -57,7 +57,7 @@
{
Int n;
SysRes fd;
- Long size;
+ struct vg_stat stat_buf;
HChar* f_clo = NULL;
HChar filename[VKI_PATH_MAX];
@@ -65,15 +65,24 @@
( NULL == dir ? "" : dir ) );
fd = VG_(open)(filename, 0, VKI_S_IRUSR);
if ( !fd.isError ) {
- size = VG_(fsize)(fd.res);
- if (size > 0) {
- f_clo = VG_(malloc)("commandline.rdv.1", size+1);
- vg_assert(f_clo);
- n = VG_(read)(fd.res, f_clo, size);
- if (n == -1) n = 0;
- vg_assert(n >= 0 && n <= size+1);
- f_clo[n] = '\0';
+ Int res = VG_(fstat)( fd.res, &stat_buf );
+ // Ignore if not owned by current user or world writeable (CVE-2008-4865)
+ if (!res && stat_buf.st_uid == VG_(geteuid)()
+ && (!(stat_buf.st_mode & VKI_S_IWOTH))) {
+ if ( stat_buf.st_size > 0 ) {
+ f_clo = VG_(malloc)("commandline.rdv.1", stat_buf.st_size+1);
+ vg_assert(f_clo);
+ n = VG_(read)(fd.res, f_clo, stat_buf.st_size);
+ if (n == -1) n = 0;
+ vg_assert(n >= 0 && n <= stat_buf.st_size+1);
+ f_clo[n] = '\0';
+ }
}
+ else
+ VG_(message)(Vg_UserMsg,
+ "%s was not read as it is world writeable or not owned by the "
+ "current user", filename);
+
VG_(close)(fd.res);
}
return f_clo;
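Review bot: The `else` branch is also taken when `VG_(fstat)` itself fails (`res` non-zero), so the user is told the file is "world writeable or not owned by the current user" when the real cause was a stat error; testing `res` first and giving that case its own message keeps the diagnostic truthful. The permission test rejects only `VKI_S_IWOTH`, so a file the user owns but that is writable by a shared group is still read; if that is intended the comment should say so, otherwise the group write bit should be rejected as well. The carried-over `vg_assert(n >= 0 && n <= stat_buf.st_size+1)` admits `n == st_size+1`, for which `f_clo[n] = '\0'` would land one byte past the allocation; `n <= stat_buf.st_size` is the bound the buffer actually supports. The function's opening and the construction of `filename` lie outside this hunk, so whether the same check applies to every .valgrindrc location, as the log message suggests, or only to `./.valgrindrc`, as the manual text says, cannot be confirmed from here.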
Modified: trunk/docs/xml/manual-core.xml
===================================================================
--- trunk/docs/xml/manual-core.xml 2008-11-21 19:18:47 UTC (rev 8797)
+++ trunk/docs/xml/manual-core.xml 2008-11-22 12:03:19 UTC (rev 8798)
@@ -1346,8 +1346,16 @@
precedence over those in
<computeroutput>~/.valgrindrc</computeroutput>. The first two
are particularly useful for setting the default tool to
-use.</para>
+use.
+</para>
+<para>Please note that the <computeroutput>./.valgrindrc</computeroutput>
+file is ignored if it is marked as world writeable or not owned
+by the current user. This is because the .valgrindrc can contain options
+that are potentially harmful or can be used by a local attacker to
+execute code under your user account.
+</para>
+
<para>Any tool-specific options put in
<computeroutput>$VALGRIND_OPTS</computeroutput> or the
<computeroutput>.valgrindrc</computeroutput> files should be