trousers: change permission bits of tcsd.conf to 0644.

tcsd is starting with user root and group root, to read the
configuration from /etc/tcsd. root:root will need read access to
/etc/tcsd.conf. tcsd.conf was owned by tss:tss and had mode 0600, thus
root will need special privileges named dac_override to override POSIX
discretionary access control, which is discouraged by our security
model.

Since our tcsd.conf is distributed through the image and doesn't
contain sensitive information (key, passphrase, etc.), it should be safe
to open the read access to all others.

BUG=chromium:943965
TEST=start tcsd

Change-Id: I56979f5419636e7c7310df740afca2a76ea61bf6
Reviewed-on: https://chromium-review.googlesource.com/1531903
Commit-Ready: Qijiang Fan <fqj@google.com>
Tested-by: Qijiang Fan <fqj@google.com>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
diff --git a/dist/Makefile.am b/dist/Makefile.am
index 372736a..e361501 100644
--- a/dist/Makefile.am
+++ b/dist/Makefile.am
@@ -5,7 +5,7 @@
 	if test ! -e ${DESTDIR}/@sysconfdir@/tcsd.conf; then mkdir -p ${DESTDIR}/@sysconfdir@ && cp tcsd.conf ${DESTDIR}/@sysconfdir@; fi
 if !NOUSERCHECK
 	/bin/chown tss:tss ${DESTDIR}/@sysconfdir@/tcsd.conf || true
-	/bin/chmod 0600 ${DESTDIR}/@sysconfdir@/tcsd.conf
+	/bin/chmod 0644 ${DESTDIR}/@sysconfdir@/tcsd.conf
 endif
 
 install-exec-hook:
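Review bot: The chmod on the changed line runs whether or not the cp above it ran, so an existing tcsd.conf that an administrator kept at 0600 is widened to 0644 on every install. The copy is guarded by "if test ! -e", but the chown and chmod are not. The commit message justifies world-read access for the file shipped in the Chrome OS image; this rule is the generic install path. Consider applying the mode only when the file is freshly copied, or installing with an explicit mode at copy time, so a pre-existing stricter mode is left alone. Also note that chown is allowed to fail ("|| true") while chmod is not, so after a failed chown the file ends up world-readable under whatever owner the install ran as.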
diff --git a/src/tcsd/tcsd_conf.c b/src/tcsd/tcsd_conf.c
index 1f9dcb3..01fd178 100644
--- a/src/tcsd/tcsd_conf.c
+++ b/src/tcsd/tcsd_conf.c
@@ -759,7 +759,7 @@
 #ifndef SOLARIS
 	struct group *grp;
 	struct passwd *pw;
-	mode_t mode = (S_IRUSR|S_IWUSR);
+	mode_t mode = (S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
 #endif /* SOLARIS */
 	TSS_RESULT result;
 
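Review bot: After this change "mode" at the declaration no longer holds the one required mode; the check in the next hunk treats it as the set of permission bits the file is allowed to have. A name such as allowed_mode, or a one-line comment at the declaration saying that any subset of 0644 is accepted, would keep the next reader from assuming an exact match is still enforced.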
@@ -820,9 +820,18 @@
 		return TCSERR(TSS_E_INTERNAL_ERROR);
 	}
 
+	/* Chrome OS:
+	 * Config files for Chrome OS is shipped with the images, and contains
+	 * no sensitive information, and protected by rootfs verification from
+	 * alteration. It should be okay to open the read access to all others
+	 * too.
+	 * Otherwise, with SELinux, tcsd will require special privileges to
+	 * override POSIX permission bits to read configuration file.
+	 */
 	/* make sure only the tss user can manipulate the config file */
-	if (((stat_buf.st_mode & 0777) ^ mode) != 0) {
-		LogError("TCSD config file (%s) must be mode 0600", tcsd_config_file);
+	if (((stat_buf.st_mode & 0777) | mode ) != mode) {
+		LogError("TCSD config file (%s) should not be writable by non-tss user.",
+			 tcsd_config_file);
 		return TCSERR(TSS_E_INTERNAL_ERROR);
 	}
 #endif /* SOLARIS */
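Review bot: The new LogError text does not match what the condition rejects. "((stat_buf.st_mode & 0777) | mode ) != mode" fails for any bit outside 0644, which includes execute bits as well as group/other write, so a file at 0700 or 0755 is refused with a message saying it "should not be writable by non-tss user". Suggest wording that states the rule being enforced, for example that the mode must not have bits outside 0644, and "must" rather than "should" since the function returns an error. The retained comment "make sure only the tss user can manipulate the config file" has the same gap. Two smaller points: the rationale in the new comment (shipped in the image, protected by rootfs verification) is specific to Chrome OS, but the relaxed check is compiled for every non-Solaris build, so either guard it or say in the comment that the relaxation is unconditional; and the 0777 mask means setuid, setgid and sticky bits are not examined by this test. Style: stray space in "mode )", and "Config files for Chrome OS is shipped" should read "are shipped".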