author | Alexander Wenzel <Alexander.AW.Wenzel@bmw.de> | 2013-07-25 15:28:54 +0200 |
---|---|---|
committer | Alexander Wenzel <Alexander.AW.Wenzel@bmw.de> | 2013-07-26 09:14:41 +0200 |
commit | 2e7db1befc1375f1f097f9736340205fbc350550 (patch) | |
tree | bdf114c97a3b4eb9a87107426d5f9dac06ccc222 /src/system | |
parent | 7f18f68cc730024d1053255557cc10c788f8627d (diff) | |
Fixed: Security Issue by Command Injection in DLT System.
Signed-off-by: Alexander Wenzel <Alexander.AW.Wenzel@bmw.de>
Diffstat (limited to 'src/system')
-rw-r--r-- | src/system/dlt-system-options.c | 9 | ||||
-rw-r--r-- | src/system/dlt-system-process-handling.c | 3 | ||||
-rw-r--r-- | src/system/dlt-system-shell.c | 16 | ||||
-rw-r--r-- | src/system/dlt-system.conf | 11 | ||||
-rw-r--r-- | src/system/dlt-system.h | 6 |
5 files changed, 39 insertions, 6 deletions
diff --git a/src/system/dlt-system-options.c b/src/system/dlt-system-options.c
index 4d0ae8b..113089b 100644
--- a/src/system/dlt-system-options.c
+++ b/src/system/dlt-system-options.c
@@ -133,6 +133,9 @@ void init_configuration(DltSystemConfiguration *config) // Common config->ApplicationId = "SYS"; + // Shell + config->Shell.Enable = 0; + // Syslog config->Syslog.Enable = 0; config->Syslog.ContextId = "SYSL";
@@ -244,6 +247,12 @@ int read_configuration_file(DltSystemConfiguration *config, char *file_name) strcpy(config->ApplicationId, value); } + // Shell + else if(strcmp(token, "ShellEnable") == 0) + { + config->Shell.Enable = atoi(value); + } + // Syslog else if(strcmp(token, "SyslogEnable") == 0) {
diff --git a/src/system/dlt-system-process-handling.c b/src/system/dlt-system-process-handling.c
index 72a2785..c23bcca 100644
--- a/src/system/dlt-system-process-handling.c
+++ b/src/system/dlt-system-process-handling.c
@@ -121,7 +121,8 @@ void start_threads(DltSystemConfiguration *config) start_systemd_watchdog(config); #endif - init_shell(); + if(config->Shell.Enable) + init_shell(); if(config->LogFile.Enable) start_logfile(config);
diff --git a/src/system/dlt-system-shell.c b/src/system/dlt-system-shell.c
index 758f5fc..61b4b50 100644
--- a/src/system/dlt-system-shell.c
+++ b/src/system/dlt-system-shell.c
@@ -60,17 +60,17 @@ DLT_DECLARE_CONTEXT(shellContext) int dlt_shell_injection_callback(uint32_t service_id, void *data, uint32_t length) { - DLT_LOG(dltsystem,DLT_LOG_DEBUG, + DLT_LOG(shellContext,DLT_LOG_DEBUG, DLT_STRING("dlt-system-shell, injection callback")); char text[1024]; int syserr = 0; strncpy(text,data,length); - DLT_LOG(dltsystem,DLT_LOG_DEBUG, + DLT_LOG(shellContext,DLT_LOG_DEBUG, DLT_STRING("dlt-system-shell, injection injection id:"), DLT_UINT32(service_id)); - DLT_LOG(dltsystem,DLT_LOG_DEBUG, + DLT_LOG(shellContext,DLT_LOG_DEBUG, DLT_STRING("dlt-system-shell, injection data:"), DLT_STRING(text));
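Review bot: In src/system/dlt-system-options.c, read_configuration_file parses the new security switch with `config->Shell.Enable = atoi(value);`, so any text atoi converts to a non-zero number (for example `-1`, `2` or `1abc`) turns the shell on, and malformed input is never reported. Because this flag gates remote command execution, enable it only on an exact match, e.g. `config->Shell.Enable = (strcmp(value, "1") == 0);`, and treat everything else as disabled. The enclosing function starts and ends outside the hunk, so whether `value` is already trimmed of whitespace is not visible here and should be confirmed.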
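Review bot: In src/system/dlt-system-shell.c, dlt_shell_injection_callback still copies the message with `strncpy(text,data,length);` into `char text[1024]`, and the hunk shows no check of `length` against the buffer size. A `length` above 1024 writes past the stack buffer, and a payload without a terminating NUL leaves `text` unterminated before it reaches `DLT_STRING(text)` and `system(text)`. Bound and terminate the copy: `if(data == NULL || length >= sizeof(text)) return -1;` followed by `memcpy(text, data, length); text[length] = '\0';`. The callback's return convention is not visible in this hunk, so the error value needs confirming; the function body continues in the next hunk.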
@@ -79,14 +79,20 @@ int dlt_shell_injection_callback(uint32_t service_id, void *data, uint32_t lengt case 0x1001: if((syserr = system(text)) != 0) { - DLT_LOG(dltsystem,DLT_LOG_ERROR, + DLT_LOG(shellContext,DLT_LOG_ERROR, DLT_STRING("dlt-system-shell, abnormal exit status."), DLT_STRING(text), DLT_INT(syserr)); } + else + { + DLT_LOG(shellContext,DLT_LOG_INFO, + DLT_STRING("Shell command executed:"), + DLT_STRING(text)); + } break; default: - DLT_LOG(dltsystem,DLT_LOG_ERROR, + DLT_LOG(shellContext,DLT_LOG_ERROR, DLT_STRING("dlt-system-shell, unknown command received."), DLT_UINT32(service_id), DLT_STRING(text));
diff --git a/src/system/dlt-system.conf b/src/system/dlt-system.conf
index bc121f4..acb2bb0 100644
--- a/src/system/dlt-system.conf
+++ b/src/system/dlt-system.conf
@@ -9,6 +9,17 @@ ApplicationId = SYS ######################################################################## +# Shell configuration +######################################################################## + +# Be careful when you enable this feature. The user can send any kind of +# shell commands. The commands are executed with the rights of the +# dlt-system process. Dlt-system is started by default as user genivi. + +# Enable the Shell for command line injections (Default: 0) +ShellEnable = 0 + +######################################################################## # Syslog Adapter configuration ########################################################################
diff --git a/src/system/dlt-system.h b/src/system/dlt-system.h
index aed71a6..211b198 100644
--- a/src/system/dlt-system.h
+++ b/src/system/dlt-system.h
@@ -86,6 +86,11 @@ typedef struct { int Daemonize; } DltSystemCliOptions; +// Configuration shell options +typedef struct { + int Enable; +} ShellOptions; + // Configuration syslog options typedef struct { int Enable;
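Review bot: In the `case 0x1001` branch of src/system/dlt-system-shell.c, the new INFO record `Shell command executed:` is written only after `system(text)` has returned 0, so a command that blocks or that stops dlt-system leaves no record above DEBUG level. For an audit trail, log the received command at INFO before the call, e.g. `DLT_LOG(shellContext,DLT_LOG_INFO, DLT_STRING("Shell command received:"), DLT_STRING(text));`, and keep the success or failure line afterwards. `syserr` is also the raw `system()` return value: -1 means the child could not be created, and otherwise it is a wait status that should be decoded with `WIFEXITED`/`WEXITSTATUS` before it is logged as an exit status. The function starts in the previous hunk and ends outside this one.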
@@ -142,6 +147,7 @@ typedef struct { typedef struct { char *ApplicationId; + ShellOptions Shell; SyslogOptions Syslog; JournalOptions Journal; FiletransferOptions Filetransfer; |