[maemo-developers] Handling files in root privileged directory from an application
From: Thomas Perl th.perl at gmail.com
Date: Mon Oct 4 15:17:57 EEST 2010
Hi!

2010/10/3 Chris Saturn <Chris_Saturn at hotmail.com>:
> I would like to ask your insight a way to handle securely files that need to
> arrive in root privileged directory from a user application written in
> python.
>
> In my specific case, the user application will create a file and copy it to
> /etc/events.d which will be executed on the next boot.
>
> At the moment, I'm making use of the rootsh package feature and the (very
> ugly but functional) call to copy the user created/modified file back like
> this:
> os.system('echo "cp %s %s"|root' % (Path + ConfigFile, MainPath + MainFile))

Shell command injection, anyone? This snippet looks very dangerous to me :/
Just imagine ConfigFile being equal to "; rm -rf / #" (but don't try it out :p).

I propose creating a "root-helper-scripts" (or similarly-named) package that
would provide a command like "root-copy-file" (with parameters from and to)
that will display a nice dialog box to the user ("An application tries to copy
the file [...] to [...]. This requires root privileges and could harm your
system. Do you want to allow this?" with "Allow" and "Deny" as buttons).

You could then use the much more sensible "subprocess" package to carry out
the operation:

    import subprocess

    from_file = Path + ConfigFile
    to_file = MainPath + MainFile
    # Argument list, not a shell string: the file names are never parsed by a shell
    p = subprocess.Popen(['root-copy-file', from_file, to_file])
    if p.wait() != 0:
        # ...show error message here...

The "root-copy-file" script could be setuid root and carry out the operation
only if the user accepts the GUI prompt and have all the necessary security
checks built-in. No need to set write permissions for the user on the file in
/etc.

This way, you don't need to depend on rootsh (but only on the not yet existing
root-helper-scripts package), and the user will always know when a potentially
harmful operation is carried out. Other packages could also depend on that
package (and possibly other scripts yet to be created if they are required).

HTH.
Thomas
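The two halves of the proposal above, as an added example that is not from the thread or from any Maemo package: a caller that hands file names to the child as separate argv entries (so a name like `"; rm -rf / #` can never reach a shell), and the validation a privileged helper such as the proposed "root-copy-file" would have to perform before writing into /etc/events.d. The helper name, the file-name policy in `SAFE_NAME`, and the use of a throwaway Python child process in place of the real setuid command are assumptions made so the example runs on any machine.

```python
"""Added example (not from the thread): safe argv passing on the caller side,
and the checks a setuid copy helper should do before touching /etc/events.d."""
import os
import re
import shutil
import subprocess
import sys

# Assumed file-name policy for the privileged destination: boot scripts in
# /etc/events.d only ever need plain names such as "myapp-boot".
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$")


def argv_reaches_child_verbatim(name):
    """Show that an argument-list call hands `name` to the child unchanged.

    The child is a throwaway Python process that echoes sys.argv[1]; it stands
    in for the hypothetical "root-copy-file" so nothing privileged is needed.
    """
    completed = subprocess.run(
        [sys.executable, "-c", "import sys; sys.stdout.write(sys.argv[1])", name],
        capture_output=True, text=True, check=True,
    )
    return completed.stdout == name


def check_copy_request(src, dst, allowed_dir):
    """Validation a privileged copy helper should do before acting.

    Raises ValueError on anything suspicious; returns the resolved destination.
    """
    allowed_real = os.path.realpath(allowed_dir)
    dst_real = os.path.realpath(dst)  # collapses ".." and follows symlinks
    # The final path must sit directly inside the allowed directory: no
    # traversal, no symlink pointing elsewhere, no subdirectories.
    if os.path.dirname(dst_real) != allowed_real:
        raise ValueError("destination %r is outside %s" % (dst, allowed_dir))
    if not SAFE_NAME.match(os.path.basename(dst_real)):
        raise ValueError("destination name %r not allowed" % os.path.basename(dst))
    # Refuse symlinks and non-regular files as the source, so the helper cannot
    # be used to copy arbitrary system files around.
    if os.path.islink(src) or not os.path.isfile(src):
        raise ValueError("source %r is not a regular file" % src)
    return dst_real


def safe_copy(src, dst, allowed_dir):
    """Copy src to dst after validation; returns the size of the written file."""
    target = check_copy_request(src, dst, allowed_dir)
    # O_NOFOLLOW closes the check-then-use window for a symlink planted at the
    # destination between validation and the write (no-op where unsupported).
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(target, flags, 0o644)
    with os.fdopen(fd, "wb") as out, open(src, "rb") as inp:
        shutil.copyfileobj(inp, out)
    return os.path.getsize(target)


if __name__ == "__main__":
    hostile = '"; rm -rf / #'  # the name from the thread; only ever passed as data here
    print("argv intact:", argv_reaches_child_verbatim(hostile))
    try:
        check_copy_request(__file__, "/etc/events.d/" + hostile, "/etc/events.d")
    except ValueError as err:
        print("rejected:", err)
```

The caller-side half is the whole point of the `subprocess` suggestion: with an argument list there is no shell between the application and the helper, so quoting characters are just bytes in a file name. The helper-side half is what "all the necessary security checks built-in" has to mean in practice: resolve the destination, confine it to the one directory, restrict the name, refuse symlinked sources, and open the target without following links.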