Use lchown() instead of chown() for self-created files

There is no need to allow symlink dereferencing in these cases where a
file (including directories and sockets) are created by the same
process, so use the safer lchown() variant to avoid leaving potential
windows for something external to replace the file before the chown()
call. The particular locations used here should not have write
permissions enabled for processes with less privileges, so this may not
be needed, but anyway, it is better to make these more restrictive
should there be cases where directory permissions are not as expected
for a good deployment.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/hostapd/ctrl_iface.c b/hostapd/ctrl_iface.c
index a0604ed09386611c57d9f7f7b94b446bce36caf9..18621d02c3f4f16c71b291ec4aa06f684d5d43a8 100644 (file)
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
@@ -3506,18 +3506,18 @@ fail:
        }
 
        if (hapd->conf->ctrl_interface_gid_set &&
-           chown(hapd->conf->ctrl_interface, -1,
-                 hapd->conf->ctrl_interface_gid) < 0) {
-               wpa_printf(MSG_ERROR, "chown[ctrl_interface]: %s",
+           lchown(hapd->conf->ctrl_interface, -1,
+                  hapd->conf->ctrl_interface_gid) < 0) {
+               wpa_printf(MSG_ERROR, "lchown[ctrl_interface]: %s",
                           strerror(errno));
                return -1;
        }
 
        if (!hapd->conf->ctrl_interface_gid_set &&
            hapd->iface->interfaces->ctrl_iface_group &&
-           chown(hapd->conf->ctrl_interface, -1,
-                 hapd->iface->interfaces->ctrl_iface_group) < 0) {
-               wpa_printf(MSG_ERROR, "chown[ctrl_interface]: %s",
+           lchown(hapd->conf->ctrl_interface, -1,
+                  hapd->iface->interfaces->ctrl_iface_group) < 0) {
+               wpa_printf(MSG_ERROR, "lchown[ctrl_interface]: %s",
                           strerror(errno));
                return -1;
        }
@@ -3590,16 +3590,16 @@ fail:
        }
 
        if (hapd->conf->ctrl_interface_gid_set &&
-           chown(fname, -1, hapd->conf->ctrl_interface_gid) < 0) {
-               wpa_printf(MSG_ERROR, "chown[ctrl_interface/ifname]: %s",
+           lchown(fname, -1, hapd->conf->ctrl_interface_gid) < 0) {
+               wpa_printf(MSG_ERROR, "lchown[ctrl_interface/ifname]: %s",
                           strerror(errno));
                goto fail;
        }
 
        if (!hapd->conf->ctrl_interface_gid_set &&
            hapd->iface->interfaces->ctrl_iface_group &&
-           chown(fname, -1, hapd->iface->interfaces->ctrl_iface_group) < 0) {
-               wpa_printf(MSG_ERROR, "chown[ctrl_interface/ifname]: %s",
+           lchown(fname, -1, hapd->iface->interfaces->ctrl_iface_group) < 0) {
+               wpa_printf(MSG_ERROR, "lchown[ctrl_interface/ifname]: %s",
                           strerror(errno));
                goto fail;
        }
@@ -4273,9 +4273,9 @@ fail:
                        goto fail;
                }
        } else if (interface->ctrl_iface_group &&
-                  chown(interface->global_iface_path, -1,
-                        interface->ctrl_iface_group) < 0) {
-               wpa_printf(MSG_ERROR, "chown[ctrl_interface]: %s",
+                  lchown(interface->global_iface_path, -1,
+                         interface->ctrl_iface_group) < 0) {
+               wpa_printf(MSG_ERROR, "lchown[ctrl_interface]: %s",
                           strerror(errno));
                goto fail;
        }
@@ -4332,8 +4332,8 @@ fail:
        }
 
        if (interface->ctrl_iface_group &&
-           chown(fname, -1, interface->ctrl_iface_group) < 0) {
-               wpa_printf(MSG_ERROR, "chown[ctrl_interface]: %s",
+           lchown(fname, -1, interface->ctrl_iface_group) < 0) {
+               wpa_printf(MSG_ERROR, "lchown[ctrl_interface]: %s",
                           strerror(errno));
                goto fail;
        }

diff --git a/hs20/client/osu_client.c b/hs20/client/osu_client.c
index 636e10666f8b027dd4d3f9197f4e653ffeefd145..b48903dc479a81b069668d3dbaba7918f09207a9 100644 (file)
--- a/hs20/client/osu_client.c
+++ b/hs20/client/osu_client.c
@@ -117,8 +117,8 @@ static int android_update_permission(const char *path, mode_t mode)
 
        /* Allow processes running with Group ID as AID_WIFI,
         * to read files from SP, SP/<fqdn>, Cert and osu-info directories */
-       if (chown(path, -1, AID_WIFI)) {
-               wpa_printf(MSG_INFO, "CTRL: Could not chown directory: %s",
+       if (lchown(path, -1, AID_WIFI)) {
+               wpa_printf(MSG_INFO, "CTRL: Could not lchown directory: %s",
                           strerror(errno));
                return -1;
        }

diff --git a/wpa_supplicant/ctrl_iface_unix.c b/wpa_supplicant/ctrl_iface_unix.c
index b88c80a99551fdfa9a80883940df94ff940855aa..71fe7ed6bef50217f2d3512d3f8049785de948dd 100644 (file)
--- a/wpa_supplicant/ctrl_iface_unix.c
+++ b/wpa_supplicant/ctrl_iface_unix.c
@@ -570,8 +570,8 @@ static int wpas_ctrl_iface_open_sock(struct wpa_supplicant *wpa_s,
                }
        }
 
-       if (gid_set && chown(dir, -1, gid) < 0) {
-               wpa_printf(MSG_ERROR, "chown[ctrl_interface=%s,gid=%d]: %s",
+       if (gid_set && lchown(dir, -1, gid) < 0) {
+               wpa_printf(MSG_ERROR, "lchown[ctrl_interface=%s,gid=%d]: %s",
                           dir, (int) gid, strerror(errno));
                goto fail;
        }
@@ -638,8 +638,8 @@ static int wpas_ctrl_iface_open_sock(struct wpa_supplicant *wpa_s,
                }
        }
 
-       if (gid_set && chown(fname, -1, gid) < 0) {
-               wpa_printf(MSG_ERROR, "chown[ctrl_interface=%s,gid=%d]: %s",
+       if (gid_set && lchown(fname, -1, gid) < 0) {
+               wpa_printf(MSG_ERROR, "lchown[ctrl_interface=%s,gid=%d]: %s",
                           fname, (int) gid, strerror(errno));
                goto fail;
        }
@@ -1235,9 +1235,9 @@ static int wpas_global_ctrl_iface_open_sock(struct wpa_global *global,
                        wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d",
                                   (int) gid);
                }
-               if (chown(ctrl, -1, gid) < 0) {
+               if (lchown(ctrl, -1, gid) < 0) {
                        wpa_printf(MSG_ERROR,
-                                  "chown[global_ctrl_interface=%s,gid=%d]: %s",
+                                  "lchown[global_ctrl_interface=%s,gid=%d]: %s",
                                   ctrl, (int) gid, strerror(errno));
                        goto fail;
                }

diff --git a/wpa_supplicant/hs20_supplicant.c b/wpa_supplicant/hs20_supplicant.c
index 267612afc7922b74ef54a5790438d57021855ce7..cb236df18d86b5556031e1fa2e674cf1a8fbacb1 100644 (file)
--- a/wpa_supplicant/hs20_supplicant.c
+++ b/wpa_supplicant/hs20_supplicant.c
@@ -431,7 +431,7 @@ static void hs20_set_osu_access_permission(const char *osu_dir,
                return;
        }
 
-       if (chown(fname, statbuf.st_uid, statbuf.st_gid) < 0) {
+       if (lchown(fname, statbuf.st_uid, statbuf.st_gid) < 0) {
                wpa_printf(MSG_WARNING, "Cannot change the ownership for %s",
                           fname);
        }