Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Config file support #326

Merged
merged 6 commits into from
Jan 29, 2025
Merged

Config file support #326

merged 6 commits into from
Jan 29, 2025

Conversation

dacav
Copy link
Contributor

@dacav dacav commented Dec 13, 2024

Fixes #265

@dacav dacav requested a review from LDVG December 13, 2024 15:08
@dacav dacav self-assigned this Dec 13, 2024
@dacav dacav marked this pull request as draft December 13, 2024 15:08
@dacav
Copy link
Contributor Author

dacav commented Dec 13, 2024
edited
Loading

  • Manpages update

@dacav dacav force-pushed the dacav/config_file branch 2 times, most recently from 611e678 to 257c433 Compare December 16, 2024 23:23
dacav
dacav commented Dec 16, 2024
View reviewed changes
cfg.c Outdated Show resolved Hide resolved
dacav
dacav commented Dec 16, 2024
View reviewed changes
cfg.c Outdated Show resolved Hide resolved
dacav
dacav commented Dec 16, 2024
View reviewed changes
README Outdated Show resolved Hide resolved
dacav
dacav commented Dec 16, 2024
View reviewed changes
man/pam_u2f.8.txt Outdated Show resolved Hide resolved
@dacav dacav force-pushed the dacav/config_file branch 2 times, most recently from 81fb36f to e9d2621 Compare December 17, 2024 08:24
@dacav dacav marked this pull request as ready for review December 17, 2024 08:36
@dacav dacav force-pushed the dacav/config_file branch 2 times, most recently from 3b245e0 to 5365c0d Compare December 17, 2024 08:50
LDVG
LDVG reviewed Dec 17, 2024
View reviewed changes
Copy link
Contributor

@LDVG LDVG left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks like a pretty good start to me. I've left mostly nitpicking comments in-line. 🙂

Makefile.am Outdated Show resolved Hide resolved
README Outdated Show resolved Hide resolved
README Outdated Show resolved Hide resolved
README Outdated Show resolved Hide resolved
README Outdated Show resolved Hide resolved
man/pam_u2f.8.txt Outdated Show resolved Hide resolved
man/pam_u2f.8.txt Outdated Show resolved Hide resolved
tests/cfg.c Outdated Show resolved Hide resolved
tests/cfg.c Outdated Show resolved Hide resolved
tests/cfg.c Show resolved Hide resolved
@dacav dacav marked this pull request as draft December 17, 2024 14:45
@dacav dacav force-pushed the dacav/config_file branch from 5365c0d to 98fdb4d Compare December 18, 2024 20:57
@dacav
Copy link
Contributor Author

dacav commented Dec 18, 2024
edited
Loading

Current situation:

What is left to do for the current PR (soon follow-up):

  • A proper MAX_PATH (currently using hard-wired 4096 - Linux).
  • A temporary --with-security-confdir solution, mimicking --with-pam-dir (future refinement)
  • Trailing comments and spaces around '='
  • Only file owner can write (hopefully that's root)
  • Only root can own the file (requires fakeroot-ish behaviour)
  • Comprehensive config unit test
  • Inject the security-confdir into manpages (currently "/etc/security" is a fixed string

@dacav dacav force-pushed the dacav/config_file branch 6 times, most recently from 0adeda2 to a6e93f3 Compare December 23, 2024 22:50
@dacav dacav marked this pull request as ready for review January 2, 2025 08:51
@dacav
Copy link
Contributor Author

dacav commented Jan 2, 2025

Oh no. I figured out this even more work!

Autoconf BUG (?)

  1. ./configure --with-sconf-dir=/a
  2. make && sudo make install
  3. ./configure --with-sconf-dir=/b
  4. make # WILL NOT RECOMPILE (well, only manpage)
  5. sudo make install # not what expected: old binary is installed again

This is a little pathological (maybe low prio?) but actually a defect.

Vulnerable for untidy sysadmin:

Currently my code is checking that the configuration file (1) belongs to root, (2) can only be written by root, (3) is not a symlink. But I'm not checking the status of the above directories... Therefore, assuming that pam_u2f.so is configured to use /my/hopefully/notalink/pam_u2f.conf as a configuration file, in the (also pathological?) situation the unprivileged user might be able to hijack the configuration:

  user@localhost:/my$ ls -lR .
  .:
  total 4
  drwxrwxrwx 4 root root 4096 Jan  2 11:23 hopefully [1]

  ./hopefully:
  total 8
  drwxr-xr-x 2 root root 4096 Jan  2 11:15 notalink
  drwxr-xr-x 2 root root 4096 Jan  2 11:23 oops

  ./hopefully/notalink:
  total 4
  -rw-r--r-- 1 root root 13 Jan  2 11:05 pam_u2f.conf [2]

  ./hopefully/oops:
  total 4
  -rw-r--r-- 1 root root 13 Jan  2 11:23 pam_u2f.conf [2]

[1] world-writable directory
[2] a root-owned-not-writable copy exists

Attack:

  user@localhost:/my$ cd hopefully
  user@localhost:/my/hopefully$ mv notalink/ goodbye
  user@localhost:/my/hopefully$ ln -s oops notalink
  user@localhost:/my/hopefully$ cd ..
  user@localhost:/my$ ls -lR
  .:
  total 4
  drwxrwxrwx 4 root root 4096 Jan  2 11:25 hopefully

  ./hopefully:
  total 8
  drwxr-xr-x 2 root root 4096 Jan  2 11:15 goodbye
  lrwxrwxrwx 1 user user    4 Jan  2 11:25 notalink -> oops
  drwxr-xr-x 2 root root 4096 Jan  2 11:23 oops

  ./hopefully/goodbye:
  total 4
  -rw-r--r-- 1 root root 13 Jan  2 11:05 pam_u2f.conf

  ./hopefully/oops:
  total 4
  -rw-r--r-- 1 root root 15 Jan  2 11:23 pam_u2f.conf

@dacav dacav force-pushed the dacav/config_file branch 2 times, most recently from 36e1255 to 58e0177 Compare January 8, 2025 12:45
@dacav dacav marked this pull request as draft January 8, 2025 12:59
@dacav dacav force-pushed the dacav/config_file branch 3 times, most recently from 9d2c5d1 to f90d66a Compare January 13, 2025 08:43
@dacav dacav marked this pull request as ready for review January 13, 2025 08:44
@dacav dacav force-pushed the dacav/config_file branch 2 times, most recently from 3a0ebb6 to 6faab0d Compare January 15, 2025 07:57
@dacav
Copy link
Contributor Author

dacav commented Jan 15, 2025

Rebased on current main.

LDVG
LDVG reviewed Jan 15, 2025
View reviewed changes
Copy link
Contributor

@LDVG LDVG left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

last iteration of nit picking, this looks good to go otherwise. nice work! :)

cfg.c Show resolved Hide resolved
cfg.c Outdated Show resolved Hide resolved
cfg.c Outdated Show resolved Hide resolved
cfg.c Outdated Show resolved Hide resolved
cfg.h Outdated Show resolved Hide resolved
README Outdated Show resolved Hide resolved
@dacav dacav force-pushed the dacav/config_file branch from 6faab0d to 1a9a44a Compare January 23, 2025 12:49
@dacav
Copy link
Contributor Author

dacav commented Jan 23, 2025

Applied requested changes, and rebased on current main branch.

@dacav dacav force-pushed the dacav/config_file branch 3 times, most recently from 47176b2 to c1e634b Compare January 28, 2025 13:10
@dacav
pam: Introduce cfg module
ee20e22 
Having it into another module will prevent the code from being messy
later.

The parsing procedure is taken verbatim: no semantic change, no
behavioural change.
@dacav dacav force-pushed the dacav/config_file branch 3 times, most recently from c5e4158 to 99cc56f Compare January 29, 2025 14:09
dacav added 5 commits January 29, 2025 15:26
@dacav
pam: Config file support
b54ffd4 
The configuration file defines the default behaviour of pam_u2f.
Individual module invocations under /etc/pam.d can override
settings.

The file-system location of the config file is by default
$sysconfdir/security/pam_u2f.conf, where $sysconfdir is supplied at
build time.

A new module configuration, "conf=", allows to override it at
runtime. Only absolute paths are accepted.
@dacav
tests: Add unit tests for conf file
3e6a2b8
@dacav
fuzz: Integrate cfg with libfuzzer testing
e94e075 
- split-input format: add trailing blob for config file

  The corpus needs some update.

- wrappers (-Wl,--wrap) integrate fuzzing of the configuration file.

  The configuration file, mutated by the fuzzer, is made
  available to the cfg.c implementation.

  The mock-up works under the assumption that only the cfg.c
  module works by opening "/" with open(3), and follows up with an
  alternation of openat(3) and fstat(3) calls.
@dacav
README: update with info about conf file
c7d280a
@dacav
man: update with info about conf file
3bd2d7d 
The SCONFDIR variable is expanded by the build system within
the pam_u2f.8 manpage.
@dacav dacav force-pushed the dacav/config_file branch from 99cc56f to 3bd2d7d Compare January 29, 2025 14:26
@LDVG LDVG merged commit 3bd2d7d into main Jan 29, 2025
29 checks passed
@LDVG LDVG deleted the dacav/config_file branch January 29, 2025 15:38
This was referenced Jan 29, 2025
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@LDVG LDVG LDVG approved these changes

Assignees

@dacav dacav

Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[RFE] Allow to set pam_u2f arguments in configuration file
2 participants
@dacav @LDVG