authorAlexander Wenzel <Alexander.AW.Wenzel@bmw.de>2013-07-25 15:28:54 +0200
committerAlexander Wenzel <Alexander.AW.Wenzel@bmw.de>2013-07-26 09:14:41 +0200
commit2e7db1befc1375f1f097f9736340205fbc350550 (patch)
treebdf114c97a3b4eb9a87107426d5f9dac06ccc222 /src/system
parent7f18f68cc730024d1053255557cc10c788f8627d (diff)
Fixed: Security Issue by Command Injection in DLT System.
Signed-off-by: Alexander Wenzel <Alexander.AW.Wenzel@bmw.de>
Diffstat (limited to 'src/system')
-rw-r--r--src/system/dlt-system-options.c9
-rw-r--r--src/system/dlt-system-process-handling.c3
-rw-r--r--src/system/dlt-system-shell.c16
-rw-r--r--src/system/dlt-system.conf11
-rw-r--r--src/system/dlt-system.h6
5 files changed, 39 insertions, 6 deletions
diff --git a/src/system/dlt-system-options.c b/src/system/dlt-system-options.c
index 4d0ae8b..113089b 100644
--- a/src/system/dlt-system-options.c
+++ b/src/system/dlt-system-options.c
@@ -133,6 +133,9 @@ void init_configuration(DltSystemConfiguration *config)
// Common
config->ApplicationId = "SYS";
+ // Shell
+ config->Shell.Enable = 0;
+
// Syslog
config->Syslog.Enable = 0;
config->Syslog.ContextId = "SYSL";
@@ -244,6 +247,12 @@ int read_configuration_file(DltSystemConfiguration *config, char *file_name)
strcpy(config->ApplicationId, value);
}
+ // Shell
+ else if(strcmp(token, "ShellEnable") == 0)
+ {
+ config->Shell.Enable = atoi(value);
+ }
+
// Syslog
else if(strcmp(token, "SyslogEnable") == 0)
{
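Review bot: `config->Shell.Enable = atoi(value);` treats every value that parses to a non-zero integer as "enabled", and `atoi` reports no parse error, so a line such as `ShellEnable = 1x` or a negative number switches command execution on. Because this flag is the only gate in front of the shell, I would accept the exact string only: `config->Shell.Enable = (strcmp(value, "1") == 0);` (assuming `value` arrives already trimmed, which the hunk does not show). read_configuration_file starts and ends outside the hunk.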
diff --git a/src/system/dlt-system-process-handling.c b/src/system/dlt-system-process-handling.c
index 72a2785..c23bcca 100644
--- a/src/system/dlt-system-process-handling.c
+++ b/src/system/dlt-system-process-handling.c
@@ -121,7 +121,8 @@ void start_threads(DltSystemConfiguration *config)
start_systemd_watchdog(config);
#endif
- init_shell();
+ if(config->Shell.Enable)
+ init_shell();
if(config->LogFile.Enable)
start_logfile(config);
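Review bot: When `config->Shell.Enable` is set, `init_shell()` runs with nothing recorded at startup, so an operator reading the logs cannot tell that this instance executes injected commands. I would brace the `if` and add a warning inside it, for example `DLT_LOG(dltsystem, DLT_LOG_WARN, DLT_STRING("dlt-system shell enabled, injected commands will be executed"));`, using whichever log context is registered in this file (`dltsystem` is assumed here). start_threads begins and ends outside the hunk.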
diff --git a/src/system/dlt-system-shell.c b/src/system/dlt-system-shell.c
index 758f5fc..61b4b50 100644
--- a/src/system/dlt-system-shell.c
+++ b/src/system/dlt-system-shell.c
@@ -60,17 +60,17 @@ DLT_DECLARE_CONTEXT(shellContext)
int dlt_shell_injection_callback(uint32_t service_id, void *data, uint32_t length)
{
- DLT_LOG(dltsystem,DLT_LOG_DEBUG,
+ DLT_LOG(shellContext,DLT_LOG_DEBUG,
DLT_STRING("dlt-system-shell, injection callback"));
char text[1024];
int syserr = 0;
strncpy(text,data,length);
- DLT_LOG(dltsystem,DLT_LOG_DEBUG,
+ DLT_LOG(shellContext,DLT_LOG_DEBUG,
DLT_STRING("dlt-system-shell, injection injection id:"),
DLT_UINT32(service_id));
- DLT_LOG(dltsystem,DLT_LOG_DEBUG,
+ DLT_LOG(shellContext,DLT_LOG_DEBUG,
DLT_STRING("dlt-system-shell, injection data:"),
DLT_STRING(text));
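Review bot: `strncpy(text,data,length);` copies a sender-supplied `length` into `char text[1024]` with no bound, so a message longer than the buffer writes past it on the stack, and a shorter payload without a NUL leaves `text` unterminated before it is logged and used. This hunk only switches the log context, so the copy is unchanged and still runs whenever the shell is enabled. Replace it with `if (data == NULL || length >= sizeof(text)) return -1;` followed by `memcpy(text, data, length); text[length] = '\0';`; the `-1` is an assumption, since the callback's return convention is not visible here. The function continues past the end of the hunk.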
@@ -79,14 +79,20 @@ int dlt_shell_injection_callback(uint32_t service_id, void *data, uint32_t lengt
case 0x1001:
if((syserr = system(text)) != 0)
{
- DLT_LOG(dltsystem,DLT_LOG_ERROR,
+ DLT_LOG(shellContext,DLT_LOG_ERROR,
DLT_STRING("dlt-system-shell, abnormal exit status."),
DLT_STRING(text),
DLT_INT(syserr));
}
+ else
+ {
+ DLT_LOG(shellContext,DLT_LOG_INFO,
+ DLT_STRING("Shell command executed:"),
+ DLT_STRING(text));
+ }
break;
default:
- DLT_LOG(dltsystem,DLT_LOG_ERROR,
+ DLT_LOG(shellContext,DLT_LOG_ERROR,
DLT_STRING("dlt-system-shell, unknown command received."),
DLT_UINT32(service_id),
DLT_STRING(text));
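Review bot: The command reaches the log only after `system(text)` returns, in the new `else` branch or the existing error branch, so a command that never returns or that stops dlt-system leaves no record. Log it before the call instead, e.g. `DLT_LOG(shellContext,DLT_LOG_INFO,DLT_STRING("Shell command received:"),DLT_STRING(text));` ahead of the `if`. `syserr` is also logged raw, although `system()` returns -1 when the child cannot be created and a wait status otherwise, so decoding it with `WIFEXITED`/`WEXITSTATUS` would make the error line meaningful. Apart from `ShellEnable`, nothing in the visible code restricts what `text` may contain, and that deserves a comment above the `case 0x1001:` label. The switch statement opens and closes outside the hunk.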
diff --git a/src/system/dlt-system.conf b/src/system/dlt-system.conf
index bc121f4..acb2bb0 100644
--- a/src/system/dlt-system.conf
+++ b/src/system/dlt-system.conf
@@ -9,6 +9,17 @@
ApplicationId = SYS
########################################################################
+# Shell configuration
+########################################################################
+
+# Be careful when you enable this feature. The user can send any kind of
+# shell commands. The commands are executed with the rights of the
+# dlt-system process. Dlt-system is started by default as user genivi.
+
+# Enable the Shell for command line injections (Default: 0)
+ShellEnable = 0
+
+########################################################################
# Syslog Adapter configuration
########################################################################
diff --git a/src/system/dlt-system.h b/src/system/dlt-system.h
index aed71a6..211b198 100644
--- a/src/system/dlt-system.h
+++ b/src/system/dlt-system.h
@@ -86,6 +86,11 @@ typedef struct {
int Daemonize;
} DltSystemCliOptions;
+// Configuration shell options
+typedef struct {
+ int Enable;
+} ShellOptions;
+
// Configuration syslog options
typedef struct {
int Enable;
@@ -142,6 +147,7 @@ typedef struct {
typedef struct {
char *ApplicationId;
+ ShellOptions Shell;
SyslogOptions Syslog;
JournalOptions Journal;
FiletransferOptions Filetransfer;