[Pkg-vsquare-devel] Bug#487434: vde ctl permission

Matthew King matthew.king at monnsta.net
Sat Jun 21 20:06:29 UTC 2008


Package: vde2
Version: 2.2.1-1
Severity: wishlist

Improve the permission on /var/run/vde2 and /var/run/vde2/*.ctl (or
whatever ctl file is chosen).

First I should indicate that I can see no reason why 2775 (i.e. o+rx) is
a bad idea on /var/run/ctl. Any user who can run ps or ifconfig can
guess what's inside. If there is a compelling reason why this is a bad
thing then so be it.

On the other hand, if it remains 2770 then anybody who wishes to connect
a vde port must be in the vde2-net group, which also grants access to
write to the /var/run/vde2 directory and, by extension, connect to the
management port.

The attached patch allows one group (passed to vde_switch) to be given
rights to connect to ports while another (vde2-net) gets authority to
manage the switch itself.

If vde_switch is passed -g vmuser, then the various directories look
like (with one port attached):

drwxrwsr-x 3 vde2-net vde2-net 4096 2008-06-21 20:27 /var/run/vde2
drwxrws--- 2 root     vmuser   4096 2008-06-21 20:27 /var/run/vde2/vde_lego_kvm.ctl
srwx------ 1 mking    vmuser      0 2008-06-21 20:27 /var/run/vde2/vde_lego_kvm.ctl/002
srw-rw---- 1 root     vmuser      0 2008-06-21 20:27 /var/run/vde2/vde_lego_kvm.ctl/ctl
srw-rw---- 1 root     vde2-net    0 2008-06-21 20:27 /var/run/vde2/vde_lego_kvm.mgmt
-rw-r--r-- 1 root     vde2-net    6 2008-06-21 20:27 /var/run/vde2/vde_lego_kvm.pid

Matthew

diff -ur vde2-2.2.1/debian/network/if-pre-up.d/vde2 vde2-2.2.1-owner/debian/network/if-pre-up.d/vde2
--- vde2-2.2.1/debian/network/if-pre-up.d/vde2	2008-06-21 20:52:48.000000000 +0100
+++ vde2-2.2.1-owner/debian/network/if-pre-up.d/vde2	2008-06-21 19:58:17.000000000 +0100
@@ -21,7 +21,7 @@
 if [ ! -d /var/run/vde2 ]; then
     mkdir -p /var/run/vde2
     chown vde2-net:vde2-net /var/run/vde2
-    chmod 2770 /var/run/vde2
+    chmod 2775 /var/run/vde2
 fi
 
 # vde2-switch [-|<args>]
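Review bot: the `chmod 2775` here only runs when the hook itself creates /var/run/vde2, so an existing directory left at 2770 by an earlier install keeps that mode until the postinst hunk (which applies the chmod unconditionally unless a dpkg-statoverride exists) or a fresh /var/run at boot fixes it; that is acceptable, but the same mode is now hard-coded in two places (this hook and debian/postinst), so consider factoring it into one variable or noting in a comment that the two must stay in sync. Widening the top-level directory to o+rx only exposes the names of the .ctl directory, mgmt socket and pid file, not their contents, since those keep their own 2770/0660 group permissions.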
diff -ur vde2-2.2.1/debian/postinst vde2-2.2.1-owner/debian/postinst
--- vde2-2.2.1/debian/postinst	2008-06-21 20:52:48.000000000 +0100
+++ vde2-2.2.1-owner/debian/postinst	2008-06-21 20:58:55.000000000 +0100
@@ -13,7 +13,7 @@
 
     if ! dpkg-statoverride --list /var/run/vde2 >/dev/null; then
         chown vde2-net:vde2-net /var/run/vde2
-        chmod 2770 /var/run/vde2
+        chmod 2775 /var/run/vde2
     fi
 
     if [ ! -e /dev/.devfsd ] && [ ! -e /dev/net/tun ]; then
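Review bot: the change from 2770 to 2775 is applied on every upgrade unless the admin has registered a dpkg-statoverride for /var/run/vde2, which is the right opt-out mechanism, but because it widens permissions on an existing installation it deserves an entry in debian/changelog or NEWS.Debian explaining that other users can now list /var/run/vde2 and that the management socket (vde_lego_kvm.mgmt, 0660 vde2-net in the listing above) remains restricted to the vde2-net group.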
diff -ur vde2-2.2.1/src/vde_switch/datasock.c vde2-2.2.1-owner/src/vde_switch/datasock.c
--- vde2-2.2.1/src/vde_switch/datasock.c	2008-06-15 17:49:16.000000000 +0100
+++ vde2-2.2.1-owner/src/vde_switch/datasock.c	2008-06-21 20:22:19.000000000 +0100
@@ -418,6 +418,10 @@
 		printlog(LOG_ERR,"Could not set the VDE ctl directory '%s' permissions: %s", ctl_socket, strerror(errno));
 		exit(-1);
 	}
+	if(chown(ctl_socket,-1,grp_owner) < 0) {
+		printlog(LOG_ERR, "Could not chown the VDE ctl directory '%s': %s", ctl_socket, strerror(errno));
+		exit(-1);
+	}
 	sun.sun_family = AF_UNIX;
 	snprintf(sun.sun_path,sizeof(sun.sun_path),"%s/ctl",ctl_socket);
 	if(bind(connect_fd, (struct sockaddr *) &sun, sizeof(sun)) < 0){
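Review bot: `grp_owner` is used in the added `chown(ctl_socket,-1,grp_owner)` but none of the three hunks declares it or adds the `-g` option parsing the mail describes, so the patch as attached is incomplete and will not compile; please include the option handling and make sure `grp_owner` defaults to `-1` when `-g` is not given, otherwise an uninitialised or zero value would silently hand the ctl directory to gid 0. Also consider moving the `chown` before the existing `chmod` a few lines above it: the `ctl` socket created by the `bind()` that follows inherits its `vmuser` group only through the directory's setgid bit, so setting the owner first and the mode second guarantees the bit is in place once ownership is final.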

-- 
I must take issue with the term "a mere child", for it has been my
invariable experience that the company of a mere child is infinitely
preferable to that of a mere adult.
                                           --  Fran Lebowitz
