From e88f91b00a715b79255de6576506d80ecfdb064c Mon Sep 17 00:00:00 2001 From: Oliver Kurth Date: Tue, 29 Jan 2019 14:03:19 -0800 Subject: [PATCH] Fix possible security issue with the permissions of the intermediate staging directory and path /tmp/VMwareDnD is a staging directory used for DnD and CnP. It should be a regular directory, but malicious code or user may create the /tmp/VMwareDnD as a symbolic link which points elsewhere on the system. This may provide user access to user B's files. Do not set the permission of the root directory if the root directory already exists and has the wrong permission. The permission of the directory must be 1777 if it is created by the VMToolsi. If not, then the directory has been created or modified by malicious code or user, so just cancel the host to guest DnD or CnP operation. --- open-vm-tools/services/plugins/dndcp/dnd/dndCommon.c | 7 +++---- open-vm-tools/services/plugins/dndcp/dnd/dndXdg.c | 7 +++---- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/open-vm-tools/services/plugins/dndcp/dnd/dndCommon.c b/open-vm-tools/services/plugins/dndcp/dnd/dndCommon.c index 973d29519..8b8821f00 100644 --- a/open-vm-tools/services/plugins/dndcp/dnd/dndCommon.c +++ b/open-vm-tools/services/plugins/dndcp/dnd/dndCommon.c @@ -276,12 +276,11 @@ DnDCreateRootStagingDirectory(void) } if (File_Exists(root)) { - if (!DnDRootDirUsable(root) && - !DnDSetPermissionsOnRootDir(root)) { + if (!DnDRootDirUsable(root)) { /* - * The directory already exists and its permissions are wrong and - * cannot be set, so there's not much we can do. + * The directory already exists and its permissions are wrong. */ + Log("%s: The root dir is not usable.\n", __FUNCTION__); return NULL; } } else { diff --git a/open-vm-tools/services/plugins/dndcp/dnd/dndXdg.c b/open-vm-tools/services/plugins/dndcp/dnd/dndXdg.c index 4f52829e7..9a273d645 100644 --- a/open-vm-tools/services/plugins/dndcp/dnd/dndXdg.c +++ b/open-vm-tools/services/plugins/dndcp/dnd/dndXdg.c @@ -318,12 +318,11 @@ CreateApparentRootDirectory(void) } if (File_Exists(root)) { - if ( !DnDRootDirUsable(root) - && !DnDSetPermissionsOnRootDir(root)) { + if (!DnDRootDirUsable(root)) { /* - * The directory already exists and its permissions are wrong and - * cannot be set, so there's not much we can do. + * The directory already exists and its permissions are wrong. */ + Log_Trivia("dnd: The root dir is not usable.\n"); return NULL; } } else { -- 2.47.3