From 2e7db1befc1375f1f097f9736340205fbc350550 Mon Sep 17 00:00:00 2001
From: Alexander Wenzel
Date: Thu, 25 Jul 2013 15:28:54 +0200
Subject: Fixed: Security Issue by Command Injection in DLT System.
Signed-off-by: Alexander Wenzel
---
src/system/dlt-system-options.c | 9 +++++++++
src/system/dlt-system-process-handling.c | 3 ++-
src/system/dlt-system-shell.c | 16 +++++++++++-----
src/system/dlt-system.conf | 11 +++++++++++
src/system/dlt-system.h | 6 ++++++
5 files changed, 39 insertions(+), 6 deletions(-)
(limited to 'src/system')
diff --git a/src/system/dlt-system-options.c b/src/system/dlt-system-options.c
index 4d0ae8b..113089b 100644
--- a/src/system/dlt-system-options.c
+++ b/src/system/dlt-system-options.c
@@ -133,6 +133,9 @@ void init_configuration(DltSystemConfiguration *config) // Common config->ApplicationId = "SYS"; + // Shell + config->Shell.Enable = 0; + // Syslog config->Syslog.Enable = 0; config->Syslog.ContextId = "SYSL";
@@ -244,6 +247,12 @@ int read_configuration_file(DltSystemConfiguration *config, char *file_name) strcpy(config->ApplicationId, value); } + // Shell + else if(strcmp(token, "ShellEnable") == 0) + { + config->Shell.Enable = atoi(value); + } + // Syslog else if(strcmp(token, "SyslogEnable") == 0) {
diff --git a/src/system/dlt-system-process-handling.c b/src/system/dlt-system-process-handling.c
index 72a2785..c23bcca 100644
--- a/src/system/dlt-system-process-handling.c
+++ b/src/system/dlt-system-process-handling.c
@@ -121,7 +121,8 @@ void start_threads(DltSystemConfiguration *config) start_systemd_watchdog(config); #endif - init_shell(); + if(config->Shell.Enable) + init_shell(); if(config->LogFile.Enable) start_logfile(config);
diff --git a/src/system/dlt-system-shell.c b/src/system/dlt-system-shell.c
index 758f5fc..61b4b50 100644
--- a/src/system/dlt-system-shell.c
+++ b/src/system/dlt-system-shell.c
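Review bot: `config->Shell.Enable = atoi(value);` in read_configuration_file (second hunk of dlt-system-options.c) switches the shell on for anything atoi() parses as non-zero, so `ShellEnable = -1` or `ShellEnable = 1x` enables the command-execution callback, and a malformed value cannot be told apart from `0`. For a switch that gates `system()` I would accept exactly one spelling, e.g. `config->Shell.Enable = (strcmp(value, "1") == 0);` (assuming `value` is already trimmed, which is not visible here), and leave the feature off for everything else. The context of the same hunk also shows `strcpy(config->ApplicationId, value);` while init_configuration assigns the string literal `"SYS"` to that pointer; whether it is re-pointed at writable, sufficiently large storage in between cannot be seen from these hunks and is worth confirming. Both functions continue outside the hunks.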
@@ -60,17 +60,17 @@ DLT_DECLARE_CONTEXT(shellContext) int dlt_shell_injection_callback(uint32_t service_id, void *data, uint32_t length) { - DLT_LOG(dltsystem,DLT_LOG_DEBUG, + DLT_LOG(shellContext,DLT_LOG_DEBUG, DLT_STRING("dlt-system-shell, injection callback")); char text[1024]; int syserr = 0; strncpy(text,data,length); - DLT_LOG(dltsystem,DLT_LOG_DEBUG, + DLT_LOG(shellContext,DLT_LOG_DEBUG, DLT_STRING("dlt-system-shell, injection injection id:"), DLT_UINT32(service_id)); - DLT_LOG(dltsystem,DLT_LOG_DEBUG, + DLT_LOG(shellContext,DLT_LOG_DEBUG, DLT_STRING("dlt-system-shell, injection data:"), DLT_STRING(text));
@@ -79,14 +79,20 @@ int dlt_shell_injection_callback(uint32_t service_id, void *data, uint32_t lengt case 0x1001: if((syserr = system(text)) != 0) { - DLT_LOG(dltsystem,DLT_LOG_ERROR, + DLT_LOG(shellContext,DLT_LOG_ERROR, DLT_STRING("dlt-system-shell, abnormal exit status."), DLT_STRING(text), DLT_INT(syserr)); } + else + { + DLT_LOG(shellContext,DLT_LOG_INFO, + DLT_STRING("Shell command executed:"), + DLT_STRING(text)); + } break; default: - DLT_LOG(dltsystem,DLT_LOG_ERROR, + DLT_LOG(shellContext,DLT_LOG_ERROR, DLT_STRING("dlt-system-shell, unknown command received."), DLT_UINT32(service_id), DLT_STRING(text));
diff --git a/src/system/dlt-system.conf b/src/system/dlt-system.conf
index bc121f4..acb2bb0 100644
--- a/src/system/dlt-system.conf
+++ b/src/system/dlt-system.conf
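Review bot: `strncpy(text,data,length);` in dlt_shell_injection_callback is not changed by this commit and copies a caller-supplied `length` into `char text[1024]` without any bound, so a payload longer than 1024 bytes writes past the stack buffer, and a payload of up to 1024 bytes with no NUL leaves `text` unterminated before it reaches `DLT_STRING(text)` and `system(text)`. Once ShellEnable is set this path is reachable from whatever delivers injection messages to the callback. I would reject oversized input and terminate explicitly: `if(data == NULL || length >= sizeof(text)) return -1;` followed by `memcpy(text, data, length); text[length] = '\0';` (the return value the DLT library expects from the callback is not visible here, so the error code may need adjusting). The function body continues past the end of this hunk.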
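Review bot: The new `DLT_LOG_INFO` record "Shell command executed:" in the `case 0x1001` branch is written only after `system(text)` has returned zero, so a command that blocks, terminates dlt-system or restarts the target leaves no record above DEBUG level of what was run. For an audit trail I would log the command at INFO before the call, e.g. `DLT_LOG(shellContext,DLT_LOG_INFO, DLT_STRING("Shell command received:"), DLT_STRING(text));`, and keep the result logging after it. Separately, `syserr` holds the raw wait status from system() (or -1 when the shell could not be started), so `DLT_INT(syserr)` does not show the exit code directly; decoding it with `WIFEXITED`/`WEXITSTATUS` from `<sys/wait.h>` would make the error record easier to interpret. The switch and the function close outside this hunk.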
@@ -8,6 +8,17 @@ # The application Id used for the System manager (Default: SYS) ApplicationId = SYS +######################################################################## +# Shell configuration +######################################################################## + +# Be careful when you enable this feature. The user can send any kind of +# shell commands. The commands are executed with the rights of the +# dlt-system process. Dlt-system is started by default as user genivi. + +# Enable the Shell for command line injections (Default: 0) +ShellEnable = 0 + ######################################################################## # Syslog Adapter configuration ########################################################################
diff --git a/src/system/dlt-system.h b/src/system/dlt-system.h
index aed71a6..211b198 100644
--- a/src/system/dlt-system.h
+++ b/src/system/dlt-system.h
@@ -86,6 +86,11 @@ typedef struct { int Daemonize; } DltSystemCliOptions; +// Configuration shell options +typedef struct { + int Enable; +} ShellOptions; + // Configuration syslog options typedef struct { int Enable;
@@ -142,6 +147,7 @@ typedef struct { typedef struct { char *ApplicationId; + ShellOptions Shell; SyslogOptions Syslog; JournalOptions Journal; FiletransferOptions Filetransfer;
-- cgit v1.2.1