depot/third_party/nixpkgs/pkgs/applications/virtualization/virtualbox/hardened.patch

182 lines
8.5 KiB
Diff
Raw Normal View History

diff --git a/include/iprt/mangling.h b/include/iprt/mangling.h
index 25b918d1..1420ff1d 100644
--- a/include/iprt/mangling.h
+++ b/include/iprt/mangling.h
@@ -1695,6 +1695,7 @@
# define RTPathStripSuffix RT_MANGLER(RTPathStripSuffix)
# define RTPathStripFilename RT_MANGLER(RTPathStripFilename)
# define RTPathStripTrailingSlash RT_MANGLER(RTPathStripTrailingSlash)
+# define RTPathSuidDir RT_MANGLER(RTPathSuidDir)
# define RTPathTemp RT_MANGLER(RTPathTemp)
# define RTPathTraverseList RT_MANGLER(RTPathTraverseList)
# define RTPathUnlink RT_MANGLER(RTPathUnlink)
@@ -1734,6 +1735,7 @@
# define RTProcGetAffinityMask RT_MANGLER(RTProcGetAffinityMask)
# define RTProcGetExecutablePath RT_MANGLER(RTProcGetExecutablePath)
# define RTProcGetPriority RT_MANGLER(RTProcGetPriority)
+# define RTProcGetSuidPath RT_MANGLER(RTProcGetSuidPath)
# define RTProcIsRunningByName RT_MANGLER(RTProcIsRunningByName)
# define RTProcQueryParent RT_MANGLER(RTProcQueryParent)
# define RTProcQueryUsername RT_MANGLER(RTProcQueryUsername)
diff --git a/include/iprt/path.h b/include/iprt/path.h
index 99060e35..ccfbeb76 100644
--- a/include/iprt/path.h
+++ b/include/iprt/path.h
@@ -1221,6 +1221,15 @@ RTDECL(int) RTPathCalcRelative(char *pszPathDst, size_t cbPathDst, const char *p
*/
RTDECL(int) RTPathExecDir(char *pszPath, size_t cchPath);
+/**
+ * Gets the path to the NixOS setuid wrappers directory.
+ *
+ * @returns iprt status code.
+ * @param pszPath Buffer where to store the path.
+ * @param cchPath Buffer size in bytes.
+ */
+RTDECL(int) RTPathSuidDir(char *pszPath, size_t cchPath);
+
/**
* Gets the user home directory.
*
diff --git a/include/iprt/process.h b/include/iprt/process.h
index f4f67dd4..ab882a19 100644
--- a/include/iprt/process.h
+++ b/include/iprt/process.h
@@ -352,6 +352,16 @@ RTR3DECL(const char *) RTProcExecutablePath(void);
*/
RTR3DECL(char *) RTProcGetExecutablePath(char *pszExecPath, size_t cbExecPath);
+/**
+ * Gets the path to the NixOS setuid wrappers directory.
+ *
+ * @returns pszExecPath on success. NULL on buffer overflow or other errors.
+ *
+ * @param pszExecPath Where to store the path.
+ * @param cbExecPath The size of the buffer.
+ */
+RTR3DECL(char *) RTProcGetSuidPath(char *pszExecPath, size_t cbExecPath);
+
/**
* Daemonize the current process, making it a background process.
*
diff --git a/src/VBox/HostDrivers/Support/SUPR3HardenedVerify.cpp b/src/VBox/HostDrivers/Support/SUPR3HardenedVerify.cpp
index 75ff8572..18a077b7 100644
--- a/src/VBox/HostDrivers/Support/SUPR3HardenedVerify.cpp
+++ b/src/VBox/HostDrivers/Support/SUPR3HardenedVerify.cpp
@@ -1531,9 +1531,9 @@ static int supR3HardenedVerifyFsObject(PCSUPR3HARDENEDFSOBJSTATE pFsObjState, bo
bool fBad = !fRelaxed || pFsObjState->Stat.st_gid != 2 /*bin*/ || suplibHardenedStrCmp(pszPath, "/usr/lib/iconv");
# else
NOREF(fRelaxed);
- bool fBad = true;
+ bool fBad = !(fDir && pFsObjState->Stat.st_mode & S_ISVTX && !suplibHardenedStrCmp(pszPath, "/nix/store"));
# endif
- if (fBad)
+ if (fBad && suplibHardenedStrCmp(pszPath, "/nix/store"))
return supR3HardenedSetError3(VERR_SUPLIB_WRITE_NON_SYS_GROUP, pErrInfo,
"An unknown (and thus untrusted) group has write access to '", pszPath,
"' and we therefore cannot trust the directory content or that of any subdirectory");
diff --git a/src/VBox/Main/src-all/MachineLaunchVMCommonWorker.cpp b/src/VBox/Main/src-all/MachineLaunchVMCommonWorker.cpp
index 2991d3a7..d042a08b 100644
--- a/src/VBox/Main/src-all/MachineLaunchVMCommonWorker.cpp
+++ b/src/VBox/Main/src-all/MachineLaunchVMCommonWorker.cpp
@@ -90,7 +90,7 @@ int MachineLaunchVMCommonWorker(const Utf8Str &aNameOrId,
/* Get the path to the executable directory w/ trailing slash: */
char szPath[RTPATH_MAX];
- int vrc = RTPathAppPrivateArch(szPath, sizeof(szPath));
+ int vrc = RTStrCopy(szPath, sizeof(szPath) - 1, "/run/wrappers/bin");
AssertRCReturn(vrc, vrc);
size_t cbBufLeft = RTPathEnsureTrailingSeparator(szPath, sizeof(szPath));
AssertReturn(cbBufLeft > 0, VERR_FILENAME_TOO_LONG);
diff --git a/src/VBox/Main/src-server/NetworkServiceRunner.cpp b/src/VBox/Main/src-server/NetworkServiceRunner.cpp
index 2e57690a..3272c840 100644
--- a/src/VBox/Main/src-server/NetworkServiceRunner.cpp
+++ b/src/VBox/Main/src-server/NetworkServiceRunner.cpp
@@ -188,7 +188,7 @@ int NetworkServiceRunner::start(bool aKillProcessOnStop)
* ASSUME it is relative to the directory that holds VBoxSVC.
*/
char szExePath[RTPATH_MAX];
- AssertReturn(RTProcGetExecutablePath(szExePath, RTPATH_MAX), VERR_FILENAME_TOO_LONG);
+ AssertReturn(RTProcGetSuidPath(szExePath, RTPATH_MAX), VERR_FILENAME_TOO_LONG);
RTPathStripFilename(szExePath);
int vrc = RTPathAppend(szExePath, sizeof(szExePath), m->pszProcName);
AssertLogRelRCReturn(vrc, vrc);
diff --git a/src/VBox/Main/src-server/generic/NetIf-generic.cpp b/src/VBox/Main/src-server/generic/NetIf-generic.cpp
index af155966..3b8e793d 100644
--- a/src/VBox/Main/src-server/generic/NetIf-generic.cpp
+++ b/src/VBox/Main/src-server/generic/NetIf-generic.cpp
@@ -48,7 +48,7 @@ static int NetIfAdpCtl(const char * pcszIfName, const char *pszAddr, const char
const char *args[] = { NULL, pcszIfName, pszAddr, pszOption, pszMask, NULL };
char szAdpCtl[RTPATH_MAX];
- int rc = RTPathExecDir(szAdpCtl, sizeof(szAdpCtl) - sizeof("/" VBOXNETADPCTL_NAME));
+ int rc = RTPathSuidDir(szAdpCtl, sizeof(szAdpCtl) - sizeof("/" VBOXNETADPCTL_NAME));
if (RT_FAILURE(rc))
{
LogRel(("NetIfAdpCtl: failed to get program path, rc=%Rrc.\n", rc));
@@ -95,7 +95,7 @@ static int NetIfAdpCtl(HostNetworkInterface * pIf, const char *pszAddr, const ch
int NetIfAdpCtlOut(const char * pcszName, const char * pcszCmd, char *pszBuffer, size_t cBufSize)
{
char szAdpCtl[RTPATH_MAX];
- int rc = RTPathExecDir(szAdpCtl, sizeof(szAdpCtl) - sizeof("/" VBOXNETADPCTL_NAME " ") - strlen(pcszCmd));
+ int rc = RTPathSuidDir(szAdpCtl, sizeof(szAdpCtl) - sizeof("/" VBOXNETADPCTL_NAME " ") - strlen(pcszCmd));
if (RT_FAILURE(rc))
{
LogRel(("NetIfAdpCtlOut: Failed to get program path, rc=%Rrc\n", rc));
@@ -210,7 +210,7 @@ int NetIfCreateHostOnlyNetworkInterface(VirtualBox *pVirtualBox,
progress.queryInterfaceTo(aProgress);
char szAdpCtl[RTPATH_MAX];
- vrc = RTPathExecDir(szAdpCtl, sizeof(szAdpCtl) - sizeof("/" VBOXNETADPCTL_NAME " add"));
+ vrc = RTPathSuidDir(szAdpCtl, sizeof(szAdpCtl) - sizeof("/" VBOXNETADPCTL_NAME " add"));
if (RT_FAILURE(vrc))
{
progress->i_notifyComplete(E_FAIL,
diff --git a/src/VBox/Runtime/r3/path.cpp b/src/VBox/Runtime/r3/path.cpp
index 4b1a0ada..7f6dd707 100644
--- a/src/VBox/Runtime/r3/path.cpp
+++ b/src/VBox/Runtime/r3/path.cpp
@@ -81,6 +81,12 @@ RTDECL(int) RTPathExecDir(char *pszPath, size_t cchPath)
}
+RTDECL(int) RTPathSuidDir(char *pszPath, size_t cchPath)
+{
+ return RTStrCopy(pszPath, cchPath, "/run/wrappers/bin");
+}
+
+
RTDECL(int) RTPathAppPrivateNoArch(char *pszPath, size_t cchPath)
{
#if !defined(RT_OS_WINDOWS) && defined(RTPATH_APP_PRIVATE)
diff --git a/src/VBox/Runtime/r3/process.cpp b/src/VBox/Runtime/r3/process.cpp
index 5f7c7a87..59461cfa 100644
--- a/src/VBox/Runtime/r3/process.cpp
+++ b/src/VBox/Runtime/r3/process.cpp
@@ -117,6 +117,25 @@ RTR3DECL(const char *) RTProcExecutablePath(void)
return g_szrtProcExePath;
}
+/*
+ * Note the / at the end! This is important, because the functions using this
+ * will cut off everything after the rightmost / as this function is analogous
+ * to RTProcGetExecutablePath().
+ */
+#define SUIDDIR "/run/wrappers/bin/"
+
+RTR3DECL(char *) RTProcGetSuidPath(char *pszExecPath, size_t cbExecPath)
+{
+ if (cbExecPath >= sizeof(SUIDDIR))
+ {
+ memcpy(pszExecPath, SUIDDIR, sizeof(SUIDDIR));
+ pszExecPath[sizeof(SUIDDIR)] = '\0';
+ return pszExecPath;
+ }
+
+ AssertMsgFailed(("Buffer too small (%zu <= %zu)\n", cbExecPath, sizeof(SUIDDIR)));
+ return NULL;
+}
RTR3DECL(const char *) RTProcShortName(void)
{